Cyber Essentials

Meet the requirements with confidence - Partner with PS Tech to ensure your Cyber Essentials readiness.

What is Cyber Essentials?

Cyber Essentials is a UK government-backed scheme, supported by the National Cyber Security Centre. It helps organisations protect themselves against the most common cyber attacks, while also demonstrating a clear commitment to good security practice.

It focuses on five core technical controls that protect against the most common cyber threats, including phishing, malware, and credential-based attacks.

The scheme comes in two levels:

  • Cyber Essentials – a self-assessed certification based on a detailed questionnaire
  • Cyber Essentials Plus – includes independent technical testing to verify the controls are working effectively

Why Cyber Essentials matters

Most successful cyber attacks do not rely on advanced techniques. They exploit basic weaknesses such as unpatched systems, weak passwords, or poorly configured devices.

Cyber Essentials focuses on five core technical controls. These controls apply to both Cyber Essentials and Cyber Essentials Plus. The difference is how they are validated. We help you apply these controls in a way that is proportionate to your size, sector, and risk profile.

Here are those five controls and the benefits that come from achieving them:

1. Firewalls and secure configuration

Lowers the risk of unauthorised access by ensuring devices and networks are configured securely, with unnecessary services disabled and access properly restricted.

2. Secure settings

Prevents commonly exploited but avoidable weaknesses by making sure systems are set up to reduce exposure, rather than relying on default configurations that prioritise convenience over security.

3. User access control

Minimises the impact of compromised accounts by ensuring users only have access to what they need, while protecting high-level accounts more carefully.

4. Malware protection

Helps stop ransomware, viruses, and other malicious software before they can spread or cause operational downtime, by using appropriate tools and processes to prevent and detect them across devices.

5. Patch management

Keeping operating systems, applications, and firmware up to date reduces exposure to known threats without adding complexity.

Cyber Essentials

What it is

Cyber Essentials is a self-assessed certification that confirms your organisation has the basic technical controls in place to protect against common cyber attacks.

What it includes

  • Review of your devices, users, and systems against the five Cyber Essentials controls
  • Secure configuration of firewalls, devices, and user access
  • Malware protection and patching processes put in place
  • Policies and settings aligned with Cyber Essentials requirements
  • Support to complete and submit the self-assessment questionnaire

Best suited for

  • Organisations needing Cyber Essentials for contracts or tenders
  • Businesses wanting a recognised cyber security baseline
  • Teams looking for a practical first step into formal security standards

How PS Tech helps

We make sure your systems and processes are ready to meet the requirements before you apply, so the self-assessment reflects reality, not guesswork.

Cyber Essentials Plus

What it is

Cyber Essentials Plus builds on the same requirements but includes independent technical testing to prove the controls are working as expected.

What it includes

  • Everything covered under Cyber Essentials
  • Technical testing of a sample of devices and systems
  • Verification that patching, access controls, and protection are correctly applied
  • Identification and remediation of issues before formal testing
  • Preparation to reduce the risk of failure and retesting

Best suited for

  • Organisations needing a higher level of assurance
  • Businesses handling sensitive or regulated data
  • Supply chains or clients requiring independently verified security

How PS Tech helps

We prepare your environment so it stands up to testing, addressing gaps in advance and ensuring consistency across devices and users.

Our approach to Cyber Essentials and Plus

We understand that no two organisations operate in the same way. A policy that works on paper but fails in practice creates risk rather than reducing it. Our role is to translate Cyber Essentials requirements into controls that fit your environment.

We take the time to understand how your systems are used day to day, where your risks sit, and what level of change is realistic. From there, we guide you through what is required, why it matters, and how to implement it properly.

Our support is focused on readiness and confidence. We help you put the right controls in place so the certification reflects reality.

Our support typically includes:

  • Assessment of your current environment against Cyber Essentials requirements
  • Clear guidance on what must be addressed to qualify for certification
  • Practical remediation support across devices, networks, and user access
  • Policy and process alignment to meet scheme expectations
  • Support completing the Cyber Essentials self-assessment
  • Technical preparation for Cyber Essentials Plus testing, where required

Throughout the process, we act as a partner rather than an auditor. You will always know where you stand, what still needs attention, and when you are ready to proceed with certification.

Cyber Essentials FAQs

Is Cyber Essentials right for your organisation?

If your organisation relies on IT systems, handles personal or sensitive data, or works with clients who expect a basic level of cyber security assurance, Cyber Essentials is rarely a wasted effort. It provides a recognised baseline that helps reduce common risks while demonstrating good security practice to customers, partners, and regulators.

What is the difference between Cyber Essentials and Cyber Essentials Plus?

Cyber Essentials is a self-assessed certification where you confirm your controls meet the required standard. Cyber Essentials Plus covers the same controls but includes independent technical testing to verify they are working as expected.

Is Cyber Essentials a legal requirement?

Cyber Essentials is not a legal requirement for most organisations. However, it is often mandatory for public sector contracts and increasingly requested within supply chains and by insurers.

How long does Cyber Essentials certification last?

Certification lasts for 12 months. Organisations must renew annually to confirm their controls continue to meet the requirements.

How long does it take to become Cyber Essentials certified?

The timescale depends on your current setup. For organisations with well-managed systems, it can be completed relatively quickly. Where gaps exist, additional time may be needed to address configuration, access, or patching issues before applying.

Will Cyber Essentials stop all cyber attacks?

No. Cyber Essentials is designed to protect against the most common attacks, not every possible threat. It significantly reduces risk but works best when combined with wider security measures and good IT management.

Do small organisations need Cyber Essentials?

Yes. Smaller organisations are often targeted because they are perceived as easier to compromise. Cyber Essentials helps put sensible protections in place without unnecessary complexity.

Can Cyber Essentials help with cyber insurance?

Many insurers view Cyber Essentials positively, and some require it or offer improved terms where certification is in place. It demonstrates that basic security controls are being actively managed.

Do we need Cyber Essentials if we already have IT support?

IT support and Cyber Essentials serve different purposes. Good IT support helps keep systems running smoothly, while Cyber Essentials provides independent confirmation that core security controls are in place.

Photo of Paul Stanyer, Founder, Visionary and Managing Director.

Thinking about Cyber Essentials?

Book a chat with Paul to understand what’s required, which level applies to your organisation, and how we help you get ready for certification.

