Publish date: 26.06.25

Cyber threats aren’t just a concern for big enterprises. Small and mid-sized businesses are often more vulnerable — and cybercriminals know it. Yet, only 14% of UK SMBs are Cyber Essentials certified. That means 86% are leaving themselves open to common, preventable cyber threats. It’s time to change that — and Cyber Essentials can help.

What is Cyber Essentials?

Cyber Essentials is a government-backed certification that helps protect your business against the most common cyber threats — including phishing, malware, and unauthorised access. It’s built around five key security controls that every organisation should have in place, regardless of size or sector. It’s practical, affordable, and widely recognised across both the public and private sectors — making it a smart first step in building stronger cyber resilience.

Why Cyber Essentials Matters

Cyber Essentials is more than a checkbox. It’s a business enabler that helps you:

  • Win more contracts — required for many public sector and supplier opportunities
  • Build trust — show customers and stakeholders you’re serious about security
  • Protect your business — block the majority of common cyber attacks
  • Reduce costs — including potential cyber insurance premiums
  • Improve awareness — strengthen your security culture company-wide

What You Need to Pass: The 5 Key Controls

To get certified, your business must meet five core technical controls:

1. Firewalls
Use boundary firewalls to protect internet access and block unauthorised connections.

2. Secure Configuration
Change default settings, remove unnecessary features, and close security gaps in devices and software.

3. User Access Control
Limit access, enforce strong passwords, and restrict admin rights to those who truly need them.

4. Malware Protection
Use up-to-date anti-malware tools or application whitelisting to stop malicious software.

5. Security Update Management
Apply the latest patches and security updates — automatically where possible.

Cyber Essentials Plus: Go a Step Further

Cyber Essentials Plus includes everything in the basic certification, but adds a hands-on audit by a certified assessor. This means:

  • Internal and external vulnerability scans
  • Testing your real-world defences (e.g. phishing, browser safety)
  • Reviewing patch management, anti-malware, and access controls
  • Demonstrating compliance with evidence, not just self-assessment

It’s ideal for businesses handling sensitive data or working in regulated industries — or anyone who wants to prove their security measures work in practice.

Busted Myths About Cyber Essentials

“We’re too small for this.”
Cyber Essentials was designed with SMEs in mind — in fact, they have the most to gain.

“Antivirus is enough.”
Not anymore. CE covers misconfigurations, access controls, patching, and more.

“It’s expensive and technical.”
It doesn’t have to be. We guide you through the whole process — jargon-free and affordable.

Why Work With Us?

At Xeretec, we don’t just help others get certified — we achieved Cyber Essentials Plus ourselves in 2021. Since then, we’ve supported a wide range of organisations on their path to Cyber Essentials and Cyber Essentials Plus, from initial assessment through to successful certification.

We understand where businesses typically fall short, and how to guide you through the process clearly, affordably, and without disruption.

Get Started with a Free Checklist 

Want to know what’s involved in passing?
Download our Cyber Essentials Checklist PDF
This free guide breaks down the five control areas, what assessors look for, and how to prepare — step-by-step.

More Information?

Need support or ready to start your certification journey? Contact us – we’re here to help!