What’s the difference between Cyber Essentials and Cyber Essentials Plus?

With cyber security threats growing in scope and prominence, more and more businesses are looking to gain their Cyber Essentials accreditations. When they come to pursue these certifications, however, many are faced with a puzzling conundrum: should our business pursue the Cyber Essentials certification, or Cyber Essentials Plus?

The importance of cyber security is such that we wouldn’t normally recommend half measures, making the Cyber Essentials Plus accreditation immediately tempting. Yet the differences between the two certifications are actually fairly minimal. Which one you choose will depend on your particular circumstances – and both are ultimately a great way to improve your digital literacy and cyber security measures.


What are the Cyber Essentials certifications?

Cyber Essentials is a UK government-backed scheme designed to protect businesses against cybercrime. Compared to standards such as ISO 27001, Cyber Essentials is intended as a simpler, more achievable scheme that still provides businesses with consequential protection against cyber attacks.

While ISO 27001 and other standards provide comprehensive data protection, not all businesses can or should be expected to meet such stringent certification requirements. The majority of cyber attacks are unsophisticated, and rely on simple errors and major security flaws. Cyber Essentials aims to fix these basic problems and oversights, providing robust cyber security protection for businesses that lack any real form of data protection.

Around 120,000 Cyber Essentials certifications have been given to businesses to date. Requalification is required each year, as the certification requirements are updated annually to reflect advancements in cyber security protocols and protections. While Cyber Essentials is not mandatory for businesses, it is a basic requirement for many public sector contracts, making it a significant benefit for businesses looking to gain government contracts.


What’s the difference between Cyber Essentials and Cyber Essentials Plus?

If the Cyber Essentials and Cyber Essentials Plus certifications look very similar on a surface level, it’s probably because they are! Cyber Essentials is a Level 1 certification, while Cyber Essentials Plus is a Level 2, so the process to achieve both starts in the same way. You will need to complete Cyber Essentials in order to progress to Cyber Essentials Plus. After this, there is only one further step which differentiates Cyber Essentials Plus.

Firstly, you will receive a portal or questionnaire from us with eight sections, containing a total of 70 questions about your security controls. Once you have completed these questions, one of our assessors will review your application. If you meet the criteria, you will pass the Level 1 Cyber Essentials certification. Organisations from start-ups to global entities have found the Cyber Essentials process to be very educational, and many report that it has improved behaviour and changed attitudes across the organisation on the importance of cybersecurity.

If you are interested in upgrading to Cyber Essentials Plus, a further verification process is required. This essentially involves an audit or a systems assessment of your business, which will test a set of user devices, internet gateways, and servers with services accessible to unauthenticated users.

This involves internal and external vulnerability assessments, an email check, an anti-virus check, and file execution tasks. Compare this to Cyber Essentials Level 1, where there is no verification involved. This extra step means that your controls and security have been tested and verified, and grants you the Cyber Essentials Plus certification, which is valid for one year.

We would highly recommend upgrading to Cyber Essentials Plus, as it provides clients with further peace of mind that the security controls are being followed correctly. Sota can help guide you through the process and the benefits of achieving both certifications. If you want to grow your business and enhance your security, get in touch with us today to learn more.
