Cyber Essentials

Cyber Essentials banner

APMG Cyber Essentials is the quickest and most secure way to get certified

ONLY £300 

Cyber Essentials is an industry supported certification scheme developed by the UK Government. The certification scheme provides criteria for organizations to measure their cyber-security systems by measuring and implementing 5 key controls, that can prevent 80% of cyber attacks.

Why should you get a Cyber Essentials certification?

The government's Cyber Essentials page states: "Cyber criminals don’t just attack banks and large companies - they target any organisation which isn’t properly protected, even small businesses - like yours".  

Cyber Essentials has numerous benefits for organisations looking to acheieve certification to the scheme.


It's cost-effective.  The standard cyber essentials certification with APMG will always be £300+Vat.  When seeking out cyber insurance, a cyber essentials certificate for your organisation can significantly lower your premium. 

It's government endorsed.  Cyber Essentials is a government endorsed certification scheme, which allows your organisation to bid for government contracts. We've seen an exponential increase in organisations making Cyber Essentials mandatory for their supply chain, especially for government sectors such as the Ministry Of Defence (MOD) or the Nuclear Decommisioning authority (NDA).

Stand out from your competitors.  By displaying the certification badge on your website, you are demonstrating to your clients that your organisation has met government standards to ensure measures in place for keeping the clients' information secure.

Meet the new  EU General Data Protection Regulation (GDPR) requirements. When the new GDPR rules reach the UK, organisations can be fined from the EU 4% of their annual global turnover if they suffer from a breach. Cyber Essentials implementation will help organizations meet the requirements.

Why was Cyber Essentials introduced? 

The cyber space climate is such that instances of cyber security breaches are becoming increasingly frequent.  Many organizations are making the wise move of implementing controls such as ISO27001 - but such efforts only constitute a single aspect of an over-arching cyber security strategy. 

Cyber Essentials has been developed to address the need for government and wider industry to ensure that their partners and suppliers are implementing a standard level of cyber security. Certification in Cyber Essentials not only instils confidence in the organization achieving certification – but allows the organization to provide evidence to its customers and stakeholders that their assets and data are resilient against cyber threats. 

Which controls does Cyber Essentials cover? 

Cyber Essentials covers five key controls: 

•    Boundary firewalls and internet gateways – prevention of unauthorized access 
•    Secure configuration – ensures secure system configuration 
•    Access Control – ensures appropriate access to systems 
•    Malware protection – installation and maintenance of virus and malware protection 
•    Patch management – application of patches and ensuring the latest version of applications is used 

What levels of Cyber Essentials are available? 

There are two levels of Cyber Essentials certification available, the standard Cyber Essentials certification and Cyber Essentials Plus.

Cyber Essentials certification will provide a basic level of confidence that an organization has implemented cyber security controls effectively. 

Cyber Essentials Plus builds on the Cyber Essentials foundations. Certification at this level tests whether the organization’s implemented controls are sufficient to protect against internet based threats. Achieving Cyber Essentials Plus certification is more challenging than achieving the standard Cyber Essentials certification, and includes a pen test to provide a higher level of assurance that the organization’s cyber assets are secure. Certification is valid for 12 months. 
The standard Cyber Essentials certification must already be held in order to apply for Cyber Essentials Plus certification. 

What are the benefits of Cyber Essentials certification?

• Provides cost-effective, basic cyber security for organizations of all sizes 
• Demonstrates that an organization meets one of the eligibility requirements when bidding for UK Government contracts 
• Can reduce the risk of prevalent cyber-attacks on an organization 
• Differentiate yourself from your competitors by demonstrating that you take cyber security seriously 

The Defence Cyber Protection Partnership (DCPP) advocates Cyber Essentials as the first or four levels of Cyber risk. To cover all four levels, read about our Cyber Defence Capability Assessment Tool (CDCAT) which covers the Cyber risk level to 'high'.


  • How do I get a Cyber Essentials badge for my organisation? Updated: 01/11/2017
  • How long does the certification last for? Updated: 01/11/2017
  • How do I know what will be in scope for my cyber essentials assessment? Updated: 26/02/2016
  • Who needs to complete the online CE Application? Updated: 01/11/2017
  • Who needs to authorise the completion of the questionnaire? Updated: 26/02/2016
  • Who should be on the telephone interview to review the questionnaire? Updated: 26/02/2016
  • Will Cyber Essentials stop me getting hacked? Updated: 26/02/2016
  • I do not operate my own ISP / have a server, just a laptop / desktop. Is Cyber Essentials suitable for me? Updated: 26/02/2016
  • Will the certification body help me fix any issues or prepare for the Cyber Essentials assessments? Updated: 04/12/2016
  • How long will it take me to complete my Certification?

Why choose apmg

  • APMG services focus on high-quality. 
  • APMG is accredited by the United Kingdom Accreditation Service (UKAS).
  • APMG has heritage in the cyber security field.
  • APMG is the only certification body providing GCHQ Certified Training assessments.


Interested in becoming a certification body?

We’re looking for new partners!

APMG Certification Bodies (CBs) are directly responsible for independently verifying and assessing organisations’ cyber security controls so that they meet the requirements of the Cyber Essential scheme.

As a Certification Body your organisation will be responsible for assessing all organisations who wish to meet the criteria of the Cyber Essentials scheme through our new online portal.

If you require further assistance on becoming a Certification Body, then please contact us.

  • Why APMG?
  • What are the Costs/Benefits?
  • What are the requirements for being an APMG Certification Body?
  • I'm ready for my organisation to become an APMG Cyber Essentials Certification Body, how do I start?
By submitting this form, you accept the Mollom privacy policy.