
So just how essential is Cyber Essentials? Here are 3 reasons why you need it

Cyber Essentials Certification was launched by the British Government in 2014 to protect organisations against cyberattacks. A Canadian version followed four years later.

It didn’t really hit the headlines in the way that data security schemes like the GDPR did, presumably because it’s not a legal requirement.

So if it’s not compulsory, why bother? Is tinkering about with firewall settings, antivirus programs and security updates really worth the bother? Just how essential is Cyber Essentials?

Well, while it’s not obligatory to have the certification right now, that doesn’t mean this will always be the case.

We think it’s crucial – and that’s why our latest CertiKit Toolkit helps businesses in the UK and Canada apply for certification. We wouldn’t be at all surprised if more countries follow suit soon.

Here are our top three reasons to get certified:

1. Peace of mind: If you fail to protect your computer systems, you’re at more risk of a cyber attack. A nasty virus could result in your organisation losing vital data, disrupting cashflow and taking up staff time. An attack could also damage your reputation, prevent you from trading and land you in hot water legally. For example, loss of personal data could breach laws such as the GDPR, the Data Protection Act or PIPEDA (in Canada) and lead to prosecution.

2. Government contracts: Since October 2014, four months after the launch of the UK version of Cyber Essentials, any organisation bidding for a contract with the British Government has needed Cyber Essentials certification. In Canada, some, but not all, Government agencies and departments will demand Cyber Essentials certification for contract bids.

3. Customer kudos: Getting Cyber Essentials certification shows your customers that you take cyber security seriously and are taking steps to keep the data you hold about them safe. As well as your certificate, you will be listed on the Cyber Essentials website and be given permission to display a Cyber Essentials logo on your stationery, website and email signature. This is all great for showing customers – and prospective ones – that you’re serious about cyber security.

What is Cyber Essentials?

So what is Cyber Essentials Certification and how can it keep your business safe from cyber attacks? In a nutshell, the scheme is divided into five key areas:

  • Firewalls: Securing your internet connection with boundary and host-based firewalls.
  • Secure Configuration: Settings, passwords and two-factor authentication.
  • User Access Control: Administrators and limiting access to data and services.
  • Malware Protection: Viruses, whitelisting and sandboxing.
  • Patch Management: Keeping your devices and software up to date.

Cyber Essentials guidance breaks these down into finer details, and our toolkit guides you through what you need to do to achieve certification.

And don’t just think that Cyber Essentials applies to business giants like Barclays, Hewlett-Packard and Vodafone, although all three are certified. The scheme is relevant to businesses and other organisations of all sizes.

In more recent times, there has been a push for small businesses, accountants and higher education providers to get certified. Even law firms registered with Lexel – a Law Society legal practice quality mark – are being told they, too, should be Cyber Essentials certified.

Included in our toolkit are policies on everything from firewalls and mobile devices to passwords and cloud computing. There are also forms to help you with your application, handy posters and a gap assessment spreadsheet.

Three steps to heaven

Cyber Essentials certification involves three simple steps:

  1. Select a certification body via an accreditation body (see our toolkit implementation guide for details).
  2. Verify that your IT is secure and meets the standards set by Cyber Essentials.
  3. Complete and submit a questionnaire – your certification body will provide this and verify your answers.

Once you’ve passed, you will be awarded your certificate, you will be protected against most cyberattacks and your customers and prospective customers will know their data is in safe hands.

Our toolkit costs £199. UK certification costs between £300 and £600, depending on the certification body, and $1,750 in Canada.

We reckon that’s a small price to pay for peace of mind.
