
Confused about which level of Cyber Essentials to apply for?

Cyber Essentials Basic vs Cyber Essentials PLUS Breakdown

Many organisations approach us for advice about when to apply for Cyber Essentials versus Cyber Essentials PLUS. The choice can be confusing, so here we clarify which might be the best solution for you.
 

What is Cyber Essentials?

Cyber Essentials is a security standard backed by the UK Government. It is frequently requested by government and private tenders to demonstrate that your organisation has taken best practice steps to protect sensitive information, like financial information and customer data, against the most common cyber attacks.

By implementing the controls outlined by Cyber Essentials you can protect your organisation from around 80% of attacks.

The differences between Cyber Essentials BASIC and Cyber Essentials PLUS

Cyber Essentials BASIC is a self-certification. This means that you’re asked to supply answers to a questionnaire (with evidence) and the application is marked by our certification body Capula, and assessed by IASME.

Cyber Essentials PLUS is the highest level of certification and is a more rigorous test of your organisation's security systems. It involves an external vulnerability scan carried out by cyber security experts, who will check how robust your systems are against basic hacking. This means that one of our certification bodies will visit your office (in some cases this can be done online) and perform a test that is in line with the Cyber Essentials requirements.

 

When you need Cyber Essentials Basic and Cyber Essentials Plus

This depends on your motivations for seeking out certification in the first place. Are you looking to show your customers that you take data protection seriously? Are you looking for certification because it is required to meet contract or supply chain criteria? Or is there another reason?

When bidding on a contract/procurement/tender

Procurement tenders, especially if they are involved with the public sector, will ask for Cyber Essentials as a minimum. If they haven’t specified which level of Cyber Essentials, it usually means they only require the basic level.

When looking for your own internal reasons

If you want to demonstrate that your organisation is compliant with Cyber Security and takes data protection seriously, then Cyber Essentials PLUS is the obvious choice. Companies that hold sensitive data should always seek out PLUS certification, especially if they are involved in sectors that are frequent subjects of cyber attacks. However, this is not always cost-efficient for SMEs, and for some companies the basic certification is sufficient.

As an IT Support/Managed Service Provider

If your clients are asking for your help with Cyber Essentials certification, your organisation should really be certified to at least the level that they are asking for help with, especially considering you could be a gateway to your customers’ data.

 

If you have ISO 27001 certification, do you still need Cyber Essentials/Cyber Essentials PLUS?

Yes and no: it depends. If a client has requested that your organisation be Cyber Essentials certified, an ISO 27001 certification will not satisfy this request. ISO 27001 is a more comprehensive certification, whereas Cyber Essentials ensures that the core elements of your security are up to National Cyber Security Centre (NCSC) standards. Again, this would depend on your motivations; certification in ISO 27001 does not guarantee compliance with Cyber Essentials.

How the pricing works for both levels

At APMG, Cyber Essentials basic is available for £360 from the APMG Store. This is a self-service questionnaire.

Cyber Essentials PLUS assessments are available from £1674 from the APMG Store. This includes the questionnaire and the vulnerability scan.

 
