Cyber Essentials is one of the most cost-effective ways to boost your organisation’s information security. But, what does Cyber Essentials cost?
Designed to help organisations address common weaknesses, it can prevent them spending lots of money overhauling their cyber security defences.
In this article, we explain the costs involved in Cyber Essentials certification, including consultancy fees, renewal and advancing to Cyber Essentials Plus. We also will discuss the new standard published recently which raises the bar for certification.
Cyber Essentials Cost
IASME, the certification body that oversees Cyber Essentials certification, charges £300 plus VAT for an assessment. However, organisations must also factor in the costs of preparing for the assessment and aligning their practices with the scheme’s five controls:
- Patch management;
- Anti-malware software;
- Access controls; and
- Network configurations.
Applying the relevant controls won’t be particularly expensive, but they will take time and expertise to embed within your systems and processes. This is something many organisations overlook when implementing Cyber Essentials, which is why we advise hiring a consultant. If you don’t, you risk failing your certification project and having to do it all again.
Our Cyber Essentials services provide all the guidance you need.
Whether you need to some assistance or a complete certification package, our team will support your certification project. We will provide the necessary documentation, policies and procedures, and technical assistance to assure certification.
Cyber Essentials Plus Cost
Organisations seeking a higher level of security should consider Cyber Essentials Plus. The certification process comprises a technical audit of your systems, an external vulnerability assessment, an internal scan and an on-site assessment. To be eligible, you must complete the audit within three months of your Cyber Essentials certification. Alternatively, you complete both assessments simultaneously.
The cost of preparing for Cyber Essentials Plus will vary. This will depend on the size and complexity of your business .
Cyber Essentials certificates are valid for 12 months. Therefore, you are required to review your practices and renew your certification annually. IASME will email you a month before your certificate expires. However, if you use our Cyber Essentials package, you need not worry. We will take care of everything for you. Our full service ensures that you’re ready to renew your certificate each year.
Not Certifying – the true Cost
With Cyber Essentials you can reduce this risk. Organisations that certify to the scheme will prevent 80% of common cyber-attacks. These include the most damaging such as malware and ransomware.
For example, the UK government requires any potential partner to have Cyber Essentials certification, and many other organisations expect the same. You should anticipate conditions such as this to become the norm over the next few years, as organisations realise the importance of effective information security throughout the supply chain.
The question therefore isn’t so much whether you can afford to certify to Cyber Essentials. The question is whether you can afford not to. Have you considered this in your business risk profile?
So, where do you go from here? Why not talk to us?
If you want to discuss the answer to that question, or any other to cyber security or regulation, why not call us? We can be found on 0333 22 1011 or firstname.lastname@example.org. Alternatively you can contact us here.