Overview:
By now, we all know the importance of investing in strict cybersecurity defences. Your business needs to protect itself against a myriad of online threats, data breaches and human error.
You may have already achieved Cyber Essentials certification. This is a government-backed scheme that shows that you are adhering to fundamental safeguards. But did you know that there is also a separate Cyber Essentials Plus accreditation?
As cybersecurity experts, we don’t expect you to know the difference between the two.
However, with our help and support, we promise that we can install the most appropriate levels of cyber protection for your business.
Why do businesses need to invest in cybersecurity?
Before we explain the differences between Cyber Essentials and Cyber Essentials Plus, it’s important to understand the local context of how businesses like yours are being impacted by cybercrime and hacking attempts.
The NFIB Fraud and Cyber Crime Dashboard, provided by Action Fraud, gives a detailed analysis of how prevalent cybercrime is across the region.
We filtered the dashboard to see how many cybercrime reports were made to the police between 01 March 2024 and 28 February 2025. We specifically looked at the data for the following police forces – Bedfordshire, Cambridgeshire, Essex, Hertfordshire, Norfolk and Suffolk.
What we discovered was astonishing.
During the last twelve months, a total of 6,909 cybercrime reports (personal and organisations) were made to police forces across the East of England. This resulted in reported financial losses of £683k.
Of those reports, 198 were made by businesses just like yours. In total, organisations have suffered reported losses of £11.3k, which is devastating for our local economy.
East Of England Cybercrime Statistics
The stats confirmed that reports were broken down as follows:
This shows us that cybercrime is very much widespread in our local area.
Hackers are actively targeting small and medium-sized businesses in Suffolk, Norfolk and Essex (and the rest of the East of England) because they know that those companies are less likely to have active cyber defences in place.
We work hard to protect businesses like yours from these threats.
As Ipswich’s leading cybersecurity experts, we know what defences you need to put into place to protect your business, your data and your staff from harm.
And it all begins with Cyber Essentials.
What is Cyber Essentials?
Cyber Essentials is an annual certificate which demonstrates that you have implemented the fundamental safeguards to protect your data.
It is managed via a self-assessment questionnaire, which covers five key controls.
1. Firewalls and internet gateways – e.g. what are you doing to block malicious traffic?
2. Secure configuration – e.g. have you set up secure systems to reduce vulnerabilities?
3. Access control – e.g. are you limiting how much access authorised users have to systems and data?
4. Malware protection – e.g. are you constantly checking for malicious software?
5. Patch Management – e.g. making sure all software is constantly updated so no vulnerabilities can emerge that hackers could exploit.
Your questionnaire will be submitted to IASME (Information Assurance for Small and Medium Enterprises) for review. This is the official government partner for managing the scheme. Their review process will confirm that you are actively working to address all five controls effectively.
If this sounds too complicated for you, it shouldn’t be.
You can prepare for your self-assessment in advance by downloading the official Question set and standard from the IASME website.
To make the process even easier for you, as Cyber Essentials experts, our team of professional engineers can handle your application for you from start to finish.
Should SMEs invest in Cyber Essentials certification?
“Companies with the Cyber Essentials controls in place are 92% less likely to make a claim on cyber insurance than organisations without.”
Chris Ensor, Deputy Director, National Cyber Security Centre, 10 years of Cyber Essentials
It worries us that not enough Suffolk businesses are actively protecting themselves through Cyber Essentials certification.
This could be because they are unsure what they need to do, how much it would cost, or do not understand the business benefits of a Cyber Essentials certificate.
The cost of Cyber Essentials will depend on your business size, but it has been explicitly designed to be affordable, with minimum pricing starting from £320 + VAT. Once you have achieved your certificate, you will be eligible to apply for any public sector tender (and therefore take advantage of new areas of business growth), and you could also find that it reduces your insurance premiums.
We firmly believe that every business in Suffolk (and across the borders in Essex, Norfolk and Cambridge) should apply for Cyber Essentials. It’s your guarantee that you have put in place the minimum standards of security as set out by the National Cyber Security Centre (NCSC).
What is Cyber Essentials Plus?
Once you have your Cyber Essentials certificate in place, it could be time for you to upgrade to the more stringent Cyber Essentials Plus.
This is a secondary layer of protection, which includes external verification of your system security settings. This technical audit goes beyond the initial self-assessment questionnaire to confirm that you are putting strict measures in place to protect your business.
The audit can be managed remotely or via an on-site visit. You can expect the auditor to confirm that all business locations are adhering to the same cybersecurity protocols.
Typically, an independent auditor will perform a number of tasks, such as:
Unlike the Cyber Essentials assessment, to pass the more robust Cyber Essentials Plus certification, you must achieve a 100% pass rate on your evaluation. If there are any areas of non-compliance, you will have 30 days to rectify the issues.
Is Cyber Essentials Plus right for your business?
A visual look at the differences between Cyber Essentials and Cyber Essentials Plus
We know that we may have bombarded you with information.
There’s a lot to take in, and cybersecurity can be a never-ending topic of discussion.
To help you understand Cyber Essentials vs Cyber Essentials Plus, here’s a quick visual guide.
| | Cyber Essentials | Cyber Essentials Plus |
|---|---|---|
| Baseline level of cybersecurity | | |
| Higher level of cybersecurity | | |
| Minimum price £320 + VAT (for micro-organisations) | | |
| Minimum price £1,499 + VAT (for micro-organisations) | | |
| Five controls – firewalls, secure configuration, access control, malware protection, patch management | | |
| Self-assessment questionnaire | | |
| A technical audit conducted by an authorised auditor | | |
| A 100% pass rate is required for accreditation. | | |
Lucid Systems is committed to your cybersecurity solutions
We’ve covered a lot in this article – but one thing is clear. Cybersecurity defences need to be proactively managed and maintained to ensure that your business remains alert, resilient and protected.
As we’ve explained, the local impact of cybercrime is extensive. There will always be new threats emerging.
The great news is that Cyber Essentials and Cyber Essentials Plus will give you the resilience you are looking for.
National Cyber Security Centre
According to the National Cyber Security Centre (as reported in their 10 years of Cyber Essentials report), the results speak for themselves.
Improve your knowledge of Cyber Essentials vs Cyber Essentials Plus
If you’re still keen to read more, why not read our blog article “Is Cyber Essentials worth the investment for small businesses?”. Alternatively, why not download our step-by-step guide, which explains everything you need to know about “How to achieve Cyber Essentials certification”?
Or call us on 01473 355199