Everything you need to know about the Cyber Essentials price change

Cyber Essentials Price Change

From Monday 24th January, the price of Cyber Essentials is changing. Here’s everything you need to know about what it means for your business.

What’s changing? 

For the first time since its creation seven years ago, the National Cyber Security Centre (NCSC) and certification body IASME have announced changes to the price of Cyber Essentials certification.

The change, which goes through on Monday 24th January 2022, includes several additions to the Cyber Essentials question set.

Why is the price of Cyber Essentials increasing? 

The world has changed dramatically since Cyber Essentials was launched seven years ago. Cloud services are now widely used, digital transformation has really taken hold and, of course, many of us are now doing some form of remote or hybrid working.

So, to help businesses better tackle these challenges, IASME and the NCSC have updated the requirements of Cyber Essentials certification. The update includes new requirements for:

  • Cloud services
  • Multi-factor authentication
  • Password management 
  • Security updates
  • Working from home

We’ve outlined all of the most important changes below.

Cyber Essentials Price Change
Cyber Essentials Price Change 2

These changes add an extra layer of complexity to certification, particularly for larger organisations. And the new pricing reflects the rigour involved in assessing bigger businesses.

What does this mean for you? 

First, it’s important to state that Cyber Essentials remains one of the best-value things a business can do to improve its cybersecurity. In fact, with the inclusion of the new requirements, Cyber Essentials offers better protection to SMEs than ever before.

In other words, the new look Cyber Essentials gives you more for your money while still remaining affordable for any business.

How is CyberSmart approaching the changes?

Up until 7th March 2022, we will continue to offer Cyber Essentials to all our customers and partners for the same price as before.

In other news, after listening to feedback from our customers,  we’re also launching our new CyberSmart bundles, containing the CyberSmart Dashboard, CyberSmart Active Protect and Cyber Essentials certification in one neat package.

These bundles contain everything your business needs to improve its cybersecurity and stay secure long after certification. To find out more, please get in touch at hello@cybersmart.co.uk or click here.

CTA button

The Cyber Essentials questionnaire: are you prepared?

In 2015, a research team at Lancaster University concluded that 99% of cyber risks could be avoided through following a set of surprisingly simple security measures. These measures, or controls, make up the basis of the government’s standard for security certification, Cyber Essentials, which is what we help businesses achieve here at CyberSmart.

However, there’s a lot you can do on your own to prepare yourself for the Cyber Essentials assessment or just to improve your general cyber hygiene around its guidelines. We’re going to walk you through some of the processes you will need to have in place when you complete the self-assessment for Cyber Essentials before it is reviewed by an assessor.

Keep in mind that the Cyber Essentials questionnaire is asking you to evaluate every device in your company (laptops, personal computers used for work, phones, the works) and whether it complies with the rules. If it is being used for work, it should be included.

Choose the most secure settings for your devices and software

☐ Know what ‘configuration’ means

☐ Find the settings of your device and try to turn off a function that you don’t need

☐ Find the settings of a piece of software you regularly use and try to turn off a function that you don’t need

☐ Read the NCSC guidance on passwords

☐ Make sure you’re still happy with your passwords

☐ Read up about two-factor authentication

Control who has access to your data and services

☐ Read up on accounts and permissions

☐ Understand the concept of ‘least privilege’

☐ Know who has administrative privileges to your data and on which machines

☐ Know what counts as an administrative task

☐ Set up a minimal user account on one of your devices

Protect yourself from viruses and other malware

☐ Know what malware is and how it can get onto your devices

☐ Identify three ways to protect against malware

☐ Read up about anti-virus applications

☐ Install an antivirus application on one of your devices and test for viruses

☐ Research secure places to buy apps, such as Google Play and Apple App Store

☐ Understand what a ‘sandbox’ is

Keep your devices and software up to date

☐ Know what ‘patching’ is

☐ Verify that the operating systems on all of your devices are set to ‘Automatic Update’

☐ Try to set a piece of software that you regularly use to ‘Automatic update’

☐ List all the software you have which is no longer supported

If you can follow this guidance now, you can pass certification quickly and with flying colours. If you struggle with any of them, CyberSmart has helped guide hundreds of SMEs of all sizes and experience through the same process, so feel free to get in touch. We offer a quick and simple step by step process so you can get Cyber Essentials certified today.

The business risk that’s more worrying than Brexit

News articles have continued to highlight the impact Brexit could have on UK businesses in 2020. With everything from visas to regulations and import taxes, businesses face a lot of uncertainty in the coming years.  

However, despite Brexit continuing as a hot topic in business media, surveys have found that it is not the most pressing issue on business leaders’ agendas. Instead, data protection topped the list

The first half of 2019 saw data breaches leave 4.1 billion records across the world exposed, and they are continuing to occur on an almost weekly basis in the UK. The rapid sophistication of cyber attacks is leaving an increasing number of UK’s businesses vulnerable to these potentially devastating breaches.

80% of CEOs concerned about cyber threat

PricewaterhouseCoopers conducted a recent survey to gauge the key areas of CEO uncertainty and how they are taking action to address them. The findings found that eight out of ten CEOs are concerned about the threats posed by a cyber attack. 

This concern emerges among a growing abundance of news stories reporting enormous data and security breaches at top companies and organisations, which end up costing them hundreds of thousands in compensation. 

One of the most publicised cases of 2019 was the British Airways breach in which the details of about 500,000 customers were stolen by hackers. As a result, BA was charged a fine of £183 million.

This is a corporate example, but even small businesses are at risk of fines for violating GDPR data protection laws. If you’re wondering if you’re GDPR compliant, CyberSmart offers a simple, non-technical path to GDPR certification.

The public wants to know businesses are protecting their data

Media coverage and market research make it clear that cyber attacks are only going to increase in frequency in 2020, both in the UK and the rest of the world. But this is not just an issue for CEOs. 

The media attention garnered by cyber attack stories have made data regulations and privacy a key issue amongst the general public, who place an increasing premium on companies that take protection of their data seriously.

It’s more important than ever to show that businesses showcase their cyber security certifications and GDPR compliance. 

Pressure from consumers has been further motivation for CEOs to consider data privacy and compliance with data regulations as two of their top issues. 57% of respondents to PwC’s report cited public fears over security as a key factor.

Cyber security starts at the foundation

However, 2020 is expected to see more CEOs focusing on the configuration of their business in order to meet the requirements of cyber resilience. In the increasingly digital landscape of the future, cyber security will no longer be an added feature for organisations to incorporate as an afterthought, but rather a critical feature to be in-built into a business’ infrastructure.

As cyber attacks continue to pose a significant threat to UK businesses in 2020, it has never been more important for companies to ensure they are compliant with data protection laws and agreements. 

CyberSmart several ways that even small businesses can take precautions against cyber threats. Our Cyber Essentials and Cyber Essentials Plus certification offers simplify the process of keeping businesses up to date with UK laws while CyberSmart Active Protect secures your company devices around the clock. 

In addition, we offer products for IASME GDPR compliance enabling you and your company to meet protection standards and have peace of mind in your service.

Four ways you can protect your customers

The information age has given businesses a new set of responsibilities for customer data that just didn’t exist before, including anything from basic name and address details all the way through to legally sensitive details, medical records and serious financial data. This has enabled major advances in everything from logistics to advertising and healthcare, but it’s also a major burden for companies – so how can you make sure you’re doing your best?

Change behaviours

While the tricks and tools that hackers use to get at your data are genuinely becoming ever more sophisticated, by far the most popular way to steal from you is with the good old fashioned confidence trick. Fake email solicitations, clones or mirrored websites and even the impersonation of trusted contacts can get your staff to hand over data voluntarily – so make sure a culture of suspicion is built into your workforce. Set up a secure inbox that staff can forward suspicious emails to, so IT can safely dispose of them, and make sure to train staff regularly to spot fraud.

Layer your defences

The holy grail of any hacker’s attacks is to get at not only the target of their crime but all your other data as well. While one file may not be enough to cause harm, it can be linked to other files that can be used cumulatively to carry out more serious attacks on people like identity fraud, so make sure you have several layers between other areas of your systems so one breach doesn’t cascade into several. It can also help to restrict access on a need to know basis, so accidental breaches simply can’t happen or ban things like portable disk drives just in case.

Trust the experts

While it’s totally possible to fashion your own defences, it’s hard to give your customer true peace of mind without some official credentials to back it up. Using software with IASME backed certification like Cyber Essentials or Cyber Essentials Plus ensures that you have the industry’s gold standard protection in place, and with the GDPR Readiness standard you can become GDPR compliant and showcase your efforts to world-class customer data security, which in turn can open doors to new contracts with companies who insist on only working with the most secure firms.

Keep your patches up to date

Another sadly common way that hackers access your systems is through known back doors in software that has been fixed but isn’t the latest version with repairs included. These obvious flaws are like gold dust to hackers who can just stroll right in, so it’s a good idea to get software like CyberSmart Active Protect that automatically detects old versions of operating systems as well as software vulnerabilities. Find out more.

CyberSmart is now available on G-Cloud 11

CyberSmart has become an official supplier on G-Cloud 11, a major government procurement framework. 

G-Cloud, created in 2014 by the Crown Commercial Service and Government Digital Service, makes government procurement easier, transparent and much more efficient, reducing the usual lengthy procurement processes from weeks/months down to days. It is straightforward and well guided.

After making it through a rigorous tender process, which ensured our products and services fit in with the needs of G-Cloud, we were confirmed as a supplier from July 2019, ensuring cybersecurity compliance and assurance are easily accessible to everyone on the framework.

The framework allows the central government, local authorities, NHS Trusts, Ministry of Defense and other public sector bodies (including agencies and arm’s length bodies) to access a central website and purchase cloud-based services. 

With CyberSmart Active Protect in G-Cloud 11, the tools are in place to ensure full cybersecurity compliance and assurance in public sector bodies and meet recognised cybersecurity standards across full organisations. 

From ensuring all devices are continuously compliant; to achieving certifications, often on the same day, such as Cyber Essentials, Cyber Essentials Plus or IASME GDPR Ready, the opportunity is now clear and much faster than before.

Jamie Ahktar, CyberSmart’s CEO said: “ Cybersecurity in the public sector is a matter of great concern, so we are happy to be able to provide our innovative platform and products, to support and safeguard key British organisations. Being included in G-Cloud 11 is yet another endorsement of CyberSmart’s platform, and is testament to our already successful and growing relationship with the public sector.

Can you purchase via G-Cloud 11? See here for government guidance or contact us.

Every device. Every user. Everywhere.

CyberSmart has a bold mission to protect and empower SMEs. In order to do so, we need to provide continuous compliance through the entire organisation. This is no small feat, as today’s organisations have diverse systems and modern ways of working. We are extremely excited to announce the next big step in our journey is now live.

A mobile world

The world has gone mobile, and SMEs are more than ever, relying on their mobile phones and tablets to do business. After all, they are pocket-sized computers, connected to fast mobile networks, with all the applications we need to be productive. The smartphone has allowed us to get the most out of these devices including handling and storing sensitive data, processing payments and communicating with others.

The ability to carry such devices in our pockets is driving growth and efficiency on a scale not seen before, allowing SMEs to do business, anywhere, everywhere. But like any internet connected device, this is leaving users open to mobile security threats.

Every device. Every user. Everywhere.

CyberSmart Active Protect is already protecting thousands of devices for hundreds of organisations in the UK, and now that protection and assurance can be deployed on mobile devices. Our new mobile application brings the best of our desktop app to every device in your organisation, securing every user, wherever they are, so your business can focus on what it does best, with peace of mind.

CyberSmart Active Protect

Active Protect checks mobile devices are configured to the recommended security practices, as per the requirements of Cyber Essentials. It guides users on how to protect the device and themselves. It also supports policy distribution to make sure users comply with their company’s internal policies. As it’s an app instead of a profile, it supports both user-managed and corporate provided devices.

cybersmart mobile app smart policy and phone security check

Why does my organisation need the mobile app?

  • Ensure all devices within the organisation are checked for compliance with Cyber Essentials, preventing potential cyber threats such as mobile spyware and malware.
  • Guides users through remediation if they need to address any issues.
  • Real-time information feeds back into the CyberSmart dashboard for a single view of compliance.
  • Allows users to read and agree on policies on their mobile devices.

What’s next?

The launch of Active Protect is just another step, albeit a very exciting one, in the CyberSmart journey towards our mission. Our team is focusing on rolling out many more advancements across our product range. This includes inspiring and educating SMEs on practices and strategies to combat cyber threats and further simplifying cybersecurity and compliance for organisations.

CyberSmart Active Protect is live in the following stores:

Cybersecurity standards explained

Cybersecurity standards

The cybersecurity sector is a crowded place when it comes to different standards, certifications, rules and regulations. It can also cause a lot of head-scratching and confusion for those not familiar with the best practice.

Founders and business owners often come to us and say they want to or have to get ISO 27001 certified. Hardly anyone knows when and how ISO 27001 makes sense for a small business and what other certifications can be achieved instead of ISO 27001 or used as a stepping stone towards achieving ISO 2700. Here is a brief overview of the most common cybersecurity standards in the UK: 

Cyber Essentials

In short, Cyber Essentials is a scheme designed by the UK government that aims to get all UK businesses to be able to manage their IT security to a certain level. It helps companies to implement basic levels of protection against cyberattacks, demonstrating to their customers and suppliers that they take cybersecurity seriously.

Established in 2014, the purpose of this standard is to develop necessary cybersecurity standard throughout an organisation. The standard is relatively technical and protects organisations from 80% of cyber-attacks. The most surprising factor we discovered as cybersecurity consultants was that most companies that had other standards, such as ISO 27001 or PCI-DSS implemented, would still fail under Cyber Essentials. The best use case for this standard is to implement it as a first defence and perimeter security before other standards are considered.

Cyber Essentials certification is a great first step towards GDPR. It serves as evidence that you have carried out basic steps towards protecting your business from internet-based cyber attacks.

Cyber Essentials Plus

Cyber Essentials Plus is the audited standard of Cyber Essentials. Besides including some additional controls, the implementation needs to be assessed by a Cyber Essentials Plus auditor. This obligatory audit creates additional trust in the standard and it is safe to assume that once Cyber Essentials is well-established, Cyber Essentials Plus will increasingly become mandatory.


This standard goes far beyond Cyber Essentials and can be described as a “mini version of ISO 27001:2017”. Together with the government, IASME developed this standard in order to create an easily adaptable and affordable alternative to ISO 27001. The IASME standard is specially tailored towards SME’s and includes processes, people and technology. In May 2018 both IASME standards will be expanded to include GDPR readiness. Both IASME standards require Cyber Essentials as part of the readiness as well. Similarly to cyber essentials, the IASME standard can serve as proof to customers and suppliers that their information is being protected. It is provided alongside the cyber essentials certification. There are two types: the standard self-assessment and the Gold standard, which requires an audit onsite.


ISO 27001 is an international information security standard. Including far over 100 controls the standard is frequently implemented by corporations or businesses dealing with critical infrastructure or the public sector. ISO27001 covers areas that include security policies, access control, operations security, human resources, cryptography and compliance. It does not cover GDPR*. However, an organisation can voluntarily include GDPR in their ISMS (Information Security Management System). 

*A note on GDPR: GDPR is NOT a standard, it’s a law, so we’ve excluded it here. 

If you have any questions about Information Security Standards or Cyber Security in general or just want to have a chat, drop us a line at hello@cybersmart.co.uk.

Looking to improve your cybersecurity but not sure where to begin? Start by getting certified in Cyber Essentials, the UK government scheme that covers all the fundamentals of cyber hygiene.

CTA button

Introducing the new Cyber Essential Standard

Easier, better and more cloud-friendly

Almost three years after its inception, the UK Government has released the first update to the Cyber Essentials Scheme. The new standard aims to increase the adoption rate amongst businesses by making the guidelines more relevant and easier to understand.


Easier, better and more cloud-friendly

Almost three years after its inception, the UK Government has released the first update to the Cyber Essentials Scheme. The new standard aims to increase the adoption rate amongst businesses by making the guidelines more relevant and easier to understand.


Is Cyber Essentials really effective?

GDPR compliance

The Cyber Essentials scheme was developed by the UK Government. The scheme provides a clear statement of the basic controls all organisations should implement to mitigate the risk from common Internet-based threats. The Government believes that implementing these measures can significantly reduce an organisation’s vulnerability. Many companies, however, do not implement these controls, and in the past, this has led to serious security breaches.


The Cyber Essentials scheme was developed by the UK Government. The scheme provides a clear statement of the basic controls all organisations should implement to mitigate the risk from common Internet-based threats. The Government believes that implementing these measures can significantly reduce an organisation’s vulnerability. Many companies, however, do not implement these controls, and in the past, this has led to serious security breaches.