
So just how essential is Cyber Essentials? Here are 3 reasons why you need it

Cyber Essentials Certification was launched by the British Government in 2014 to protect organisations against cyberattacks. A Canadian version followed four years later.

It didn’t really hit the headlines in the way that data security schemes like the GDPR did, presumably because it’s not a legal requirement.

So if it’s not compulsory, why bother? Is tinkering about with firewall settings, antivirus programs and security updates really worth the bother? Just how essential is Cyber Essentials?

Well, while it’s not obligatory to have the certification right now, that doesn’t mean this will always be the case.

We think it’s crucial – and that’s why our latest CertiKit Toolkit helps businesses in the UK and Canada apply for certification. We wouldn’t be at all surprised if more countries follow suit soon.

Here are our top three reasons to get certified:

1. Peace of mind: If you fail to protect your computer systems, you’re at more risk of a cyber attack. A nasty virus could result in your organisation losing vital data, disrupting cashflow and taking up staff time. An attack could also damage your reputation, prevent you from trading and land you in hot water legally. For example, loss of personal data could breach laws such as the GDPR, the Data Protection Act or PIPEDA (in Canada) and lead to prosecution.

2. Government contracts: Since October 2014, four months after the launch of the UK version of Cyber Essentials, any organisation bidding for a contract with the British Government has needed Cyber Essentials certification. In Canada, some, but not all, Government agencies and departments will demand Cyber Essentials certification for contract bids.

3. Customer kudos: Getting Cyber Essentials certification shows your customers that you take cyber security seriously and are taking steps to keep the data you hold about them safe. As well as your certificate, you will be listed on the Cyber Essentials website and be given permission to display a Cyber Essentials logo on your stationery, website and email signature. This is all great for showing customers – and prospective ones – that you’re serious about cyber security.

What is Cyber Essentials?

So what is Cyber Essentials Certification and how can it keep your business safe from cyber attacks? In a nutshell, the scheme is divided into five key areas:

  • Firewalls: Securing your internet connection with boundary and host-based firewalls.
  • Secure Configuration: Settings, passwords and two-factor authentication.
  • User Access Control: Administrators and limiting access to data and services.
  • Malware Protection: Viruses, whitelisting and sandboxing.
  • Patch Management: Keeping your devices and software up to date.

Cyber Essentials guidance breaks these down into finer details, and our toolkit guides you through what you need to do to achieve certification.

And don’t just think that Cyber Essentials applies to business giants like Barclays, Hewlett-Packard and Vodafone, although all three are certified. The scheme is relevant to businesses and other organisations of all sizes.

In more recent times, there has been a push for small businesses, accountants and higher education providers to get certified. Even law firms registered with Lexel – a Law Society legal practice quality mark – are being told they, too, should be Cyber Essentials certified.

Included in our toolkit are policies on everything from firewalls and mobile devices to passwords and cloud computing. There are also forms to help you with your application, handy posters and a gap assessment spreadsheet.

Three steps to heaven

Cyber Essentials certification involves three simple steps:

  1. Select a certification body via an accreditation body (see our toolkit implementation guide for details).
  2. Verify that your IT is secure and meets the standards set by Cyber Essentials.
  3. Complete and submit a questionnaire – your certification body will provide this and verify your answers.

Once you’ve passed, you will be awarded your certificate, you will be protected against most cyberattacks and your customers and prospective customers will know their data is in safe hands.

More Cyber Essentials Resources

CertiKit is a provider of document toolkits and has helped more than 4000 organisations worldwide with their compliance.

For more guidance on implementing the Cyber Essentials scheme, we’ve put together a list of our best free resources including sample documents, blogs and downloadable documents.

Free Cyber Essentials Resources
