The UK government’s baseline cyber security standard — protect your business, win government contracts, and reduce your exposure to common cyber threats. Full support from scoping to certificate.
Developed by the National Cyber Security Centre, Cyber Essentials is the UK government’s minimum recommended cyber security standard. The five controls it requires have a measurable, proven impact on your exposure to attack.
92%
less likely to make a cyber insurance claim with Cyber Essentials certification
80%
of common cyberattacks blocked by implementing the five technical controls
1,000+
organisations certified and secured by our specialist cyber security partner team
The five technical controls
What Cyber Essentials covers
The certification focuses on five foundational controls that defend against the vast majority of common, low-skill cyberattacks. Developed by the NCSC, these controls set the minimum recommended standard for organisations of all sizes.
1
Boundary Firewalls & Internet Gateways
Ensure only necessary services are exposed. Block unauthorised access at the perimeter.
2
Secure Configuration
Remove default settings, disable unnecessary accounts, and configure devices securely.
3
User Access Control
Limit user privileges to only what’s needed. Protect admin accounts with MFA.
4
Malware Protection
Protect devices against malware, ransomware, and malicious code through up-to-date software.
5
Security Update Management
Patch software, operating systems, and firmware within 14 days of a critical update.
Choose your level
Cyber Essentials vs Cyber Essentials Plus
Both certifications validate the same five controls — the difference is how that validation is carried out, and how rigorous the evidence standard needs to be for your sector.
Cyber Essentials
Self-assessment
Your organisation completes a structured questionnaire about how the five controls are implemented, assessed and verified by a certifying body.
✓ Suitable for most UK SMEs
✓ Faster turnaround — often 2–4 weeks
✓ Meets government contract requirements
✓ Qualifies for free cyber liability insurance (UK SMEs)
✓ NCSC-recognised certification badge
✓ Annual renewal required
⚠ Relies on accuracy of answers unless you choose Pass First Time, which includes a pre-assessment review
Recommended
Cyber Essentials Plus
Independent technical audit
Includes everything in Cyber Essentials, plus a rigorous technical audit — our specialist partner verifies controls are actually working through hands-on testing and scanning.
✓ Required for Cyber Essentials Plus badge
✓ Satisfies PCI-DSS and ISO 27001 evidence
✓ Required for many government and defence contracts
✓ External vulnerability scanning of internet-facing systems
✓ Higher assurance for customers, insurers & stakeholders
⚠ More time-intensive and higher cost than basic — but Pass First Time Guarantee means no re-sit fees
Not sure which level is right for your business? Talk to the team — we’ll recommend the right starting point based on your contracts, sector, and risk profile.
Business benefits
Why UK businesses invest in certification
Beyond the security improvements, Cyber Essentials opens doors — to government contracts, better insurance terms, and stronger supplier relationships.
Win government contracts
Most UK government contracts — and an increasing number of large private-sector tenders — require Cyber Essentials to bid. Without it, you may be disqualified at the procurement stage.
Dramatically reduce cyber risk
The five controls block the majority of common cyberattacks, including ransomware. Certified organisations are 92% less likely to make a cyber insurance claim.
Insurance advantages
Some insurers offer reduced premiums for certified businesses. UK-based SMEs whose certification covers their full organisation may qualify for free cyber liability insurance.
Build trust with customers
Certification signals to customers, partners, and suppliers that your organisation takes data security seriously — a competitive differentiator in tender processes and procurement.
Support compliance requirements
Cyber Essentials supports compliance with the Data Protection Act 2018 and GDPR, and strengthens your compliance position with regulators and industry bodies.
Part of the UK national programme
The scheme is part of the UK’s National Cyber Security Programme, helping raise the security baseline across all sectors. Certification demonstrates you’re part of the solution.
How it works
From enquiry to certificate — step by step
Our specialist cyber security partner manages the entire certification process. You’ll have expert support at every stage, with a mock assessment before the official one to maximise your chance of passing first time.
1
Scoping & consultation
We confirm the scope of certification — devices, users, networks — and advise on the right tier for your needs.
2
Mock assessment
Before the official assessment, our specialist team runs a mock evaluation to identify and remediate any failure points.
3
Formal assessment
Self-assessment questionnaire (CE) or technical audit (CE Plus) — with expert guidance throughout the process.
4
Certificate issued
Receive your NCSC-recognised badge. Use it on tenders, your website, and supplier documentation immediately.
Our guarantee
Pass First Time Promise
Our specialist partner’s mock assessment process is designed to ensure you pass the official assessment on the first attempt. If you don’t — for any reason — re-sits are provided free of charge. No financial risk, no surprises.
Mock assessment included
Free re-sits if needed
Fixed cost, no surprises
Why Techfident
Why businesses trust Techfident for cyber security
01
Government-approved certifying body
Our specialist partner is a government-approved Cyber Essentials Certifying Body, accredited by IASME on behalf of the NCSC. Assessments meet official standards — not approximations of them.
02
One contact throughout
You work directly with Akbar at Techfident. No account managers, no handoffs mid-project. One person owns your certification from the first conversation to the certificate being issued.
03
Pass First Time or we re-sit free
The mock assessment before the official one isn’t a tick-box exercise — it’s a genuine audit designed to surface every failure point before it counts. If you still don’t pass, we re-sit at no cost.
04
Security beyond certification
Cyber Essentials is the foundation, not the ceiling. Through our specialist partner we offer penetration testing, vulnerability scanning, SOC services, and incident response — all available as your needs grow.
Common questions
Cyber Essentials — frequently asked
Cyber Essentials is a UK government-endorsed cyber security certification developed by the National Cyber Security Centre (NCSC). It focuses on five foundational technical controls — boundary firewalls, secure configuration, user access control, malware protection, and security update management — that defend against the vast majority of common, low-skill cyberattacks.
Cyber Essentials is a self-assessment certification: your organisation completes a structured questionnaire about how the five controls are implemented, which is then verified by a certifying body. Cyber Essentials Plus includes everything in the basic certification plus an independent technical audit — our specialist partner carries out hands-on testing, external vulnerability scanning, and internal device checks to verify that controls are actually working, not just documented.
Cyber Essentials self-assessment typically completes within 2 to 4 weeks from scoping to certificate. Cyber Essentials Plus takes longer because it includes a technical audit and hands-on testing. Both timelines depend on how prepared your systems are at the start — our Pass First Time process includes a mock assessment to identify and fix gaps before the official assessment, keeping delays to a minimum.
No. Techfident is based in Hertfordshire but works with businesses across the UK. Cyber Essentials certification is conducted remotely — there is no requirement for on-site visits, so location is not a barrier.
Pricing depends on the size of your organisation and the level of certification — Cyber Essentials or Cyber Essentials Plus. We provide fixed-cost proposals after a short scoping conversation, so there are no hidden fees. Contact us to get a quote tailored to your business.
Failing the initial assessment is common and nothing to be concerned about. You will receive a detailed remediation report identifying exactly what needs to change. Techfident works through those remediation items with you — whether that is patching, firewall configuration, MFA setup or access control changes — and re-submits once everything is in place. Most businesses achieve certification within two submission attempts.
Yes. Cyber Essentials certification is mandatory for all UK central government contracts that involve handling personal data or providing certain ICT products and services. It is also increasingly required by larger private sector organisations and insurers as a condition of doing business. Even where it is not mandatory, holding Cyber Essentials demonstrates a baseline security posture that gives clients and partners confidence.
Yes. Techfident manages the end-to-end process — initial gap assessment, technical remediation, submission preparation and assessor liaison. You answer business-level questions; Techfident handles the technical detail. This approach significantly reduces the internal time commitment required and avoids the common mistakes that lead to failed first submissions.
Related cyber services
Explore other cyber security services
Cyber Essentials provides a solid foundation. These services go further — testing your defences, scanning your external systems, and managing your cyber risk continuously.