Stepping up to Cyber Essentials Plus

Is your business looking to become Cyber Essentials certified? The first challenge you’ll likely face is deciding whether to opt for the standard Cyber Essentials certification or go for the more in-depth Cyber Essentials Plus.

What is Cyber Essentials Plus?

Cyber Essentials Plus is more in-depth than the standard Cyber Essentials certification and provides a much greater level of security assurance.

This extra level of scrutiny is an excellent way for a business to clearly demonstrate to its partners and customers that it has gone the extra mile to secure the key areas that face cyber risks.

Attaining the certification also ensures that suitable access privileges to sensitive data and systems are in place and secure from malicious actors. Employees too, cannot access sensitive areas that they shouldn’t, greatly reducing the insider threat risk.

The Differences between Cyber Essentials and Cyber Essentials Plus

There’re a few differences between standard Cyber Essentials and Cyber Essentials Plus.


Basic Cyber Essentials is a great starting point but the self-assessment questionnaire will not highlight an organisation’s cybersecurity issues. To address these, you need to get your hands dirty.

The biggest difference between the two is the need for an independent assessment of your businesses security controls in order to verify that there are sufficient controls in place. This makes Cyber Essentials Plus more effective when it comes to cybersecurity as it cannot be achieved just by filling in a self-assessment form where the person filling it out could make a mistake.

If you need to demonstrate that your business takes cybersecurity and the protection of your customers’ and partners data seriously, then Cyber Essentials Plus is the better option. Cyber Essentials Plus is also the better option for organisations such as law firms and those that hold sensitive client and customer data.

It also makes sure that a business is protected by effective and regularly updated antivirus software, a firewall is in place and effective patch management is utilised. Essentially, it takes an in-depth look as to whether a business is implementing the cyber security basics.

Cyber Essentials Plus goes the extra distance to also ensure that mobile devices are protected in the event of a cyber-attack and helps reduce the chance of successful phishing and social engineering attacks.

If you want to go further in taking your cybersecurity to the next level Cyber Essentials Plus is the way to go.

For Further Reading

What is Cyber Essentials and why should you get it?

The Business Benefits of Cyber Essentials Certification

Get the cyber security basics – Get Cyber Essentials certified

Follow XQ Cyber on FacebookTwitter and LinkedIn and join the CyberScore community