CYBER ESSENTIALS PRICE CHANGES

The National Cyber Security Centre (NCSC) and IASME have recently announced a change to the pricing structure of Cyber Essentials. To reflect the increasingly complex nature of assessments for larger organisations, from 2nd April 2024, Cyber Essentials will adopt a new tiered pricing structure.

This will be the first change in pricing since the scheme was originally launched seven years ago. Micro businesses will continue to pay the current £320 +VAT assessment charge while small, medium, and large organisations will pay a little more that reflects the complexity involved in their assessments.

The new structured pricing is detailed in the below table:

Basic Package:

\

Micro organisations (0-9 Employees)

£320 + VAT

\

Medium organisations (50-249 Employees)

£500 + VAT

\

Small organisations (10-49 Employees)

£440 + VAT

\

Large organisations (250+ Employees)

£600 + VAT

\

Micro organisations (0-9 Employees)

£320 + VAT

\

Medium organisations (50-249 Employees)

£500 + VAT

\

Small organisations (10-49 Employees)

£440 + VAT

\

Large organisations (250+ Employees)

£600 + VAT

Supported Package:

\

Micro organisations (0-9 Employees)

£520 + VAT

\

Medium organisations (50-249 Employees)

£700 + VAT

\

Small organisations (10-49 Employees)

£640 + VAT

\

Large organisations (250+ Employees)

£800 + VAT

In addition to the pricing change there will also be an updated set of requirements to the Cyber Essentials scheme which will go live from the same date. This will be the largest overhaul of the scheme’s technical controls since the original launch in 2014 and is a direct response to the evolving cyber security challenges that organisations now face.

The update incorporates changes to the use of cloud services, home working, multi-factor authentication, password management, security updates and more. The controls have been updated with input from NCSC subject matter experts and to better align Cyber Essentials with other initiatives and guidance, including Cyber Aware.

Any assessments already underway, or that begin before that date, will continue to use the current technical standard, meaning that in-progress certifications will not be affected. Organisations using the current standard will have six months from 2nd April to complete the assessment.

IASME have detailed the changes to the scheme on their blog which can be found through here.


 

If you require any assistance or advice Solutions 4 IT are happy to discuss your requirements, call our experts today and we will advise how best to streamline your certification process.

Statistic Source: Hiscox

A Small business in the UK is successfully hacked every 19 seconds…

Cyber criminals don’t just target large corporations – more often they target smaller businesses, exploiting any weaknesses in IT security, infrastructure and software.

Cyber Security FAQ

Cyber criminals don’t just target large corporations – more often they target smaller businesses, exploiting any weaknesses in IT security, infrastructure and software.

Why Should we get Cyber Essentials Certified?

Becoming Cyber Essentials certified has several benefits. This also depends on the industry sectors you work within, for example some government contracts require Cyber Essentials certification as a minimum.

Being Cyber Essentials certified confirms to others you are addressing cybersecurity effectively and mitigating the risk from internet-based threats and have met the standards set by the Cyber Essentials scheme. Certification will give assurance to stakeholders that you demonstrate compliance to the FIVE key controls, protecting your organisation against cyber threats and this reassurance may help with winning new business, while also safeguarding your current business

Key Benefits of Cyber Essentials Certification?

Protects your Business against the majority of common cyberattacks and demonstrates to stakeholders your commitment to keeping their data secure and your business operational. This can increase business retention and attract new business.

Increases the level of security of your systems and data, and puts processes in place to ensure this level continues – if not improves year on year. This helps to drive business efficiencies which in turn improves productivity through streamlined processes, reducing operational costs.

Allows you to work on UK government contracts that involve the handling of personal and sensitive information.

Reduces your insurance premiums by being able to prove your Business has increased its resilience to cyber threats

Should I choose cyber essentials or cyber essentials plus?

This depends on the needs of your organisation, and also why you are putting it in place. For example if you are looking to work with the public sector on government contracts then they will ask for Cyber Essentials as a minimum. If you want to demonstrate that your organisation is compliant with cybersecurity and takes data protection seriously, then you may also want to achieve Cyber Essentials Plus certification.

How do I get cyber essentials certified?

Become Cyber Essentials certified through these simple steps:

  1. Order Cyber Essentials certification through our website
  2. One of our CE Auditors will contact you and talk you through the requirements and answer any questions for you
  3. Complete the online self-assessment
  4. Once submitted this will be reviewed by an assessor. If you are successful you will be issued with cyber essentials ceritification
Where can I get details on the full requirements of the cyber essentials scheme?

Further details on Cyber Essentials and the Cyber Essentials Plus scheme can be found at the  National Cyber Security Centre website.

Can I get the self-assessment questions before I pay for an assessment?

Yes, you can download a copy from the IASME website here, and further guidance is available from the National Cyber Security Centre here.

How is the Cyber Essentials assessment verified?

Once you’ve submitted and signed off your assesment a qualified assessor will then evaluate the responses against the criteria. If you meet the FIVE core requirements, you will pass and receive certification.

Who is IASME?

IASME is the chosen organisation by the National Cyber Security Centre (NCSC) to take over full responsibility for Cyber Essentials delivery and become the Cyber Essentials Partner with the NCSC.

IASME also deliver the IASME Governance standard which allows smaller companies in a supply chain to demonstrate their level of cybersecurity cost-effectively to show that they are taking the steps to properly protect their customers information. Solutions 4 IT are a Certification Body for IASME for Cyber Essentials, Cyber Essentials Plus and IASME Governance.

If we fail will we get feedback about why we failed?

Yes you’ll get feedback, we will supply a report with the answers you gave along with the assessor feedback. This will help you improve your security so you can achieve certification in the future.

Latest Cyber Security News