Many businesses have used it as a springboard for more advanced safeguards and staff training, embedding a culture of shared responsibility for cyber resilience. Recognition as Cyber Essentials Plus adds independent verification, boosting confidence among customers, suppliers, insurers, and partners, and often easing business relationships through the signalling of reliability and diligence. In fact, 82% of certified organisations report confidence that the controls provide protection against common cyber threats.
Cyber Essentials is a foundational certification designed to help organisations implement basic cybersecurity measures. The certification process involves a self-assessment questionnaire that organisations complete, detailing their adherence to five key security controls:
Upon submission, a Cyber Essentials Certified Assessor reviews the questionnaire for completeness and correctness.
Cyber Essentials Plus builds upon the foundation set by Cyber Essentials by introducing an independent verification process. While it starts with the same self-assessment questionnaire, the key difference lies in the subsequent technical audit. An accredited certification body conducts internal and external vulnerability scans, tests system configurations, and assesses the effectiveness of the implemented controls.
This rigorous evaluation provides a higher level of assurance regarding an organisation’s cybersecurity posture.
The decision between Cyber Essentials and Cyber Essentials Plus depends on various factors, including the nature of your business, the sensitivity of the data you handle, and your cybersecurity objectives.
Cyber Essentials – Suitable for organisations looking to establish a basic level of cybersecurity hygiene and demonstrate a commitment to protecting against common cyber threats.
Cyber Essentials Plus – Recommended for businesses that require a higher level of assurance, particularly those in regulated industries or handling sensitive personal data. The independent verification adds credibility and can be advantageous when bidding for contracts or seeking partnerships.
Achieving either Cyber Essentials or Cyber Essentials Plus is a commendable step towards enhancing your organisation’s cybersecurity posture. However, it is essential to recognise that cybersecurity is an ongoing process. Regular internal audits, continuous monitoring, and staying informed about emerging threats are crucial to maintaining resilience.
By integrating cybersecurity best practice into your organisational culture and operations, you can better safeguard against evolving cyber threats and ensure long-term business continuity.
At AJC, we conduct Cyber Essentials and Cyber Essentials Plus audits from start to finish, providing end-to-end support including penetration testing. Our approach ensures organisations not only achieve certification but also gain a clear, expert view of vulnerabilities and practical guidance to strengthen their cyber resilience.
Contact us on 020 7101 4861 or email us at info@ajollyconsulting.co.uk if you think we can help.
Sources:
Cyber Essentials 10 years on – GOV.UK
Image accreditation: Getty Images from Unsplash.com+. Last accessed on 1st October 2025. Available at: https://unsplash.com/photos/blue-geometric-abstract-technology-and-science-background-NIak9LqUP9c