
Cyber Essentials Certification: what it is and why you need it

For SMEs looking to protect their data, Cyber Essentials Certification sets out the path to stronger security.

Cyber security can sometimes be a lower priority for SMEs - it’s ‘far too costly’ and ‘difficult to implement and maintain’, and some businesses just don’t know where to begin.

But the impact of being hacked can hit much harder than the investment in a safe and thorough cyber security setup. Having a cyber security framework to follow can really help you implement your setup.

That starts with Cyber Essentials.

We’re here to provide more information on what Cyber Essentials is, why an SME would need it, how to get it and what it costs.

What is Cyber Essentials?

Cyber Essentials is a UK government-backed scheme, launched in 2014, helping you to guard against the most common cyber threats. It’s a set of basic technical controls that organisations should have in place to protect themselves against common online security threats.  

Not only does it protect you from potential risks, but it also demonstrates to your customers that you have absolute commitment to cyber security; that you can be trusted. What’s more, if you’re bidding for government contracts that include work handling sensitive information, some require you to have Cyber Essentials.  

Prevention is better than cure, so having things in place to prevent successful attacks is important. 

Why would an SME need Cyber Essentials?

According to the UK government, only 12% of UK businesses are aware of the Cyber Essentials scheme.

In 2024, 70% of medium businesses were on the receiving end of an attack or breach in the past year. The average cost of the most disruptive breach for a business of any size was £1,205, rising sharply to approximately £10,830 for medium and large businesses.

The problem is, smaller and medium-sized businesses might not have the resource or expertise to think about cyber security beyond the basics of antivirus and firewalls. Because of this, many hackers target firms that do not have Cyber Essentials controls in place.  

Cyber Essentials gives you the fundamentals to ensure you can secure your business. Here are a few of the key benefits. 

1. Protecting your assets

If you’re handling data, you’ll need to put steps in place to make sure that it’s secure. You’ll need to protect your customer data, as a breach can result in catastrophe. Breaches can severely damage your business reputation, leading to employee turnover and clients walking away. Partnerships can be lost, supply chains can be damaged, and pending contracts ripped up and thrown away.

Protecting your data takes away all the risks and anxieties surrounding breaches. With Cyber Essentials in place, you’re well placed to ensure business continuity and compliance with regulatory requirements. 

2. Educating your team

Many tasks and functions at SMEs are a real team effort – and cyber security is no different.  

Educating your staff about the risks is another area where Cyber Essentials can show you the way forward. It comes with training to keep your people alert to the risks and how to prevent a successful attack. This includes being wise to password security, phishing attacks and how to spot suspicious activity. 

Once your people are vigilant to what an attack looks like, you’re in a great position to stay safe. 

3. Maintaining your reputation

Your business reputation can be damaged if attacked successfully. There are plenty of high-profile stories of companies who’ve been impacted by security breaches, resulting in fines, lawsuits and loss of customer loyalty. It can take a long time to rebuild that lost trust, and a hit on reputation will have a negative impact commercially.  

A visible certificate gives complete confidence to customers and partners. It can be required for submission on any bids that include data handling, and many government bodies require their suppliers to have this badge.  

Customers will be looking for reassurance that their data is in safe hands and may look elsewhere if another supplier is able to give evidence that they take the necessary precautions. 

4. Looking after the bottom line

We’ve touched upon the costs of a successful attack on your business, but it’s important to realise that the cost of Cyber Essentials accreditation is lower than the average cost of a breach to a medium-sized business.

But it’s not just about the cost of prevention and remedy. There’s also the question of insurance premiums. If you can’t provide evidence of measures such as those set out in Cyber Essentials, insurance costs for your business will increase.  

With Cyber Essentials, those eligible for insurance will be asked to opt in if they want cover. The cost of the certification remains the same whether you opt in or not (for those with less than £20 million annual turnover). 


How can you achieve Cyber Essentials?

To achieve successful accreditation, you’ll need to carry out a self-assessment with the IASME consortium, partners to the Cyber Essentials scheme. There’s also a Cyber Essentials readiness toolkit, where you’ll answer a series of questions to help you to think about cyber security at your organisation. 

The self-assessment will come with questions about your business, current IT infrastructure and hardware. Upon successful completion, you’ll receive your certificate, giving you peace of mind that your defences will protect against most common cyber-attacks. 

What does Cyber Essentials certification cost?

Costs are scalable, based on the size of your business. For the smallest organisations, with 0 to 9 employees, it costs £320 + VAT. For those with 10 to 49 employees, it will be £440 + VAT. At medium organisations, with 50 to 249 employees, you’re looking at £500, and at larger organisations of more than 250 employees, it’ll cost £600. 

These costs are current as of 5 June 2024. For the latest costs, visit the IASME website.

Do MSPs offer Cyber Essentials support?

A managed service provider (MSP) such as Thinc can help your business prepare. You can go a long way to bolstering your cyber security through working with an MSP, as they can support with protecting your assets, strengthening your defences and training your team to become cyber security experts.  

The benefits of working with an MSP can go beyond the fundamentals and really help you tailor your cyber security setup to your specific requirements. You can also carry out a wider cyber security audit of your systems with an MSP, who can then help you identify what support you need with endpoint protection, managed firewalls, vulnerability assessments, business resilience and more.

Useful resources on Cyber Essentials for business

If you’re looking to find out a bit more about Cyber Essentials Certification, there’s a range of helpful resources available. We’d recommend looking at the following: 

If you’re unsure on how you’d implement these components for your business, partnering with a managed service provider can really help to take away the headaches.  

Talk to Thinc about Cyber Essentials

We can help you to get ready for Cyber Essentials accreditation, offering expertise to support you with your needs. There may be components of your setup that need addressing, but our consultants can provide you with advice. 

If you wish to find out more about our managed service offerings including our cyber security provision, or want to find out more about Cyber Essentials, get in touch today. 
