
What Is the Difference Between Cyber Essentials and Cyber Essentials Plus?

Quick Answer

Cyber Essentials is self-assessed. Cyber Essentials Plus is independently verified by a technical assessor. CE Plus proves your controls actually work, not just that you claim they do.

The Key Difference

| | Cyber Essentials | Cyber Essentials Plus |
|---|---|---|
| Assessment type | Self-assessment questionnaire | Technical verification |
| Who checks | You answer questions | Assessor tests your systems |
| What it proves | You've thought about security | Your controls actually work |
| Cost | £300-400 | £1,200-2,500 |
| Time | 2-3 weeks | 4-6 weeks |

What CE Plus Testing Includes

An assessor will actually probe your systems:

  • Vulnerability scan of external-facing systems
  • Configuration checks on a sample of devices
  • Simulated phishing to test email controls
  • Verification that patches are current and MFA is working

This isn't box-ticking. They're checking whether your security works in practice.

Which One Do You Need?

Cyber Essentials (basic) is fine if:

  • You want baseline certification for general credibility
  • Your customers don't specifically require CE Plus
  • You're just getting started with formal security

Cyber Essentials Plus is required if:

  • You're in the defence supply chain (DEFCON 658 mandates it)
  • Your customers specifically ask for CE Plus
  • You want to prove your security, not just claim it
  • You're bidding on government contracts with data handling

Our take: If you're going to do it, do CE Plus. The extra cost is modest, and it's far more credible. Anyone can fill in a questionnaire.

The Real Difference

Basic CE asks: "Do you have MFA enabled?"

CE Plus checks: "Is MFA actually enabled on these accounts, right now?"

That gap between policy and reality is exactly where breaches happen.