SecurSentry
Topic hub

Cyber Essentials: the complete guide for UK small businesses

Cyber Essentials is a UK government-backed certification that confirms your business has five basic security measures in place to stop the most common cyber attacks. This guide explains what it covers, who needs it, what it costs and how to get certified.

Updated June 2026 7 guides in this hub ≈ 53 min to read it all

The short version

What is Cyber Essentials, and who needs it?

Cyber Essentials is a UK government-backed scheme — created by the NCSC and run by IASME — that certifies your business has five basic security measures in place. It is designed for ordinary businesses, not security specialists, and it is deliberately achievable for a small team. For the full plain-English walkthrough, read Cyber Essentials, explained.

You're most likely to need it when a customer or insurer asks for it, when you're bidding for a contract that requires it, or when you simply want a credible, recognised way to show you take security seriously. It is mandatory for some UK central government contracts.

The five controls, in plain English

Every Cyber Essentials assessment comes back to the same five areas. None of them needs a specialist — most are settings you can check this week. Our five-control checklist walks through each one.

Put these five in place and you've not only earned the certificate — you've genuinely reduced your risk, and you're already part-way through most security questionnaires.

Everything on Cyber Essentials

Every guide, in one place

Start wherever your question is. Each guide is a short, plain-English read — and they build on each other as you go.

Cyber Essentials is one door into the same work

The measures you put in place here aren't a dead end. They carry across the other things customers ask of you — do the work once, use it everywhere. We're building SecurSentry around exactly that.

Frequently asked questions

What is Cyber Essentials?

Cyber Essentials is a UK government-backed certification scheme that confirms your business has five basic security measures in place to defend against the most common cyber attacks: firewalls, secure settings, access control, malware protection and keeping software up to date.

Who needs Cyber Essentials?

Any UK business that wants to reassure customers, win contracts that require it, or meet a supplier or insurance condition. It is mandatory for some UK central government contracts that handle personal or sensitive data, and increasingly requested in private-sector security questionnaires.

How much does Cyber Essentials cost?

The certification fee is set by IASME and banded by organisation size, starting from a few hundred pounds plus VAT for a smaller business. The larger cost is usually the time to put the five measures in place and gather evidence — which also counts toward other requirements later.

What is the difference between Cyber Essentials and Cyber Essentials Plus?

Cyber Essentials is a verified self-assessment. Cyber Essentials Plus covers the same five areas but adds a hands-on technical test by an external assessor, so it carries more assurance and costs more.

Be first to know when we launch.

Leave your email and we'll let you know the moment SecurSentry is ready. One email — no newsletters, no spam.

Just one email, at launch. We never share your data. Privacy policy.

You're on the list — we'll be in touch at launch.