Cyber Essentials

Cyber Essentials is a Government-backed, industry supported scheme to help organisations protect themselves against common cyber-attacks.


According to the UK Government, 80% of cyber-attacks could be prevented if organisations put simple cyber security controls in place.

The scheme identifies fundamental security controls that organisations should have in place to secure themselves against common cyber threats.

The benefits of becoming Cyber Essentials certified   

Protect your organisation against common cyber threats

Reassures customers that you take cyber security seriously

Provides an opportunity to tender for business

Helps protect company assets and IP

Can reduce insurance premiums

Helps meet GDPR requirements

Cyber Essentials Packages

There are two types Cyber Essentials certification – Basic (stage 1) and Plus (stage 2):

Cyber Essentials Basic

from £299.99
  • Demonstrate Your Commitment to Security
  • Assessment by cyber security experts
  • Reassure customers your IT is secure against cyber attacks
  • Attract new business with the promise you have cyber security in place
  • A clear picture of your organisation’s cyber security level

Cyber Essentials PLUS

  • All Cyber Essentials Basic features
  • On-site security vulnerability assessment
  • Meet security requirements of advanced government contracts
  • Includes cyber essentials self assessment
  • Report highlighting any major scheme non-compliances
  • Full assessment report and cyber essentials plus certificate issued

Not ready to be Certified?

Use our free advice on 5 ways to protect your organisation

Read our advice


Cyber Essentials Plus also includes authenticated vulnerability scans of the organisation’s workstations and mobile devices and this additional phase of testing increases the validity of the certification considerably by providing evidence of compliance against the following scenarios:

  • Can malicious files enter the organisation from the Internet through either web traffic or email messages?
  • Should malicious content enter the organisation, how effective are the anti-virus and malware protection mechanisms?
  • Should the organisation’s protection mechanisms fail, how likely is it that the organisation will be compromised due to failings in the patching of the organisations workstations?

The Plus certification is a more thorough assessment of the organisation and, as a result, may provide greater security assurance.

Cyber Essentials Basic is included as part of the Cyber Essentials Plus certification, so there is no need to purchase the Basic certification, if you are going straight for the Plus.

This depends on the certification body that you used for the Basic assessment and how recent the certification is. However, in most cases we can use the questionnaire already completed without having to start again. We offer upgrade paths at a discounted cost if you already hold the Basic certification.

For Basic certifications we will perform a retest free of charge once you have rectified any issues.

For Plus certifications we will reassess the questionnaire and re-run the external vulnerability scan free of charge, however we will need to charge if we need to revisit your premises to rerun the internal assessment.

Certifications do not expire, however it is recommended to re-certify every 12 months to ensure your environment and processes are secure.

Once you have obtained your certification from Armadillo Sec, you will receive the following:

  • PDF of your certificate
  • Compliance report – this details all findings and if any issues exist, recommendations are included on how to resolve these
  • Colour and black and white high resolution logos, for use on your website or marketing materials
  • Logo branding guidelines – guidelines on how to use the logos

Additionally, Armadillo Sec will provide you with our exclusive certification pack so that you can display your certification status and your commitment to cyber security. This includes:

  • High resolution printed certificate
  • Congratulations letter
  • Cyber Essentials sticker pack

All Cyber Essentials certifications require organisations to complete a questionnaire to self-certify on the organisation’s security controls and configurations, however CREST Certifying Bodies also conduct a remote vulnerability scan to validate elements of the questionnaire.

Absolutely, the assessment is not just limited to Microsoft Windows operating systems. If your end users are using Apple Macs or Linux, then you can achieve the certification.

If you have multiple UK or even Global offices, you can certify just one office or just the UK office if you wish. The certification scope is then limited to that one office and the certificate would state the office that is certified, rather than the entire company.

Protect your business against common cyber-attacks by becoming Cyber Essentials certified;
click “Book a free consultation”, enter your details & one of our team will be in touch to arrange a free Cyber Essentials consultation