Cyber Essentials
Developed and backed by the UK government's National Cyber Security Centre (NCSC), Cyber Essentials is a program to help businesses implement the foundations of cyber security.
LANDR Security helps your organisation attain the Cyber Essentials certification with a choice of two service channels.
What Is Cyber Essentials
Many companies struggle with understanding cyber security: how to protect their computer systems, their data, their staff and the services they connect to. This applies not just to small companies, but to the largest corporations too.
Global news channels appear to be reporting breaches and hacks on a regular basis, with customer data being exposed, stolen or ransomed. If this can happen to large organisations, it's easy to think that small companies have little chance of protecting themselves.
However, a vast number of security incidents occur as a result of issues and misconfiguration in just five areas.
Cyber Essentials is a verified self-assessment examining how companies are managing these five technical control areas. While no silver bullet, it is designed to mitigate the vast majority of attacks that often lead to account compromise, ransomware, and data breaches.
Those five controls are firewalls, secure configuration, user access control, malware protection, and security update management.
Cyber Crime In The UK
Why Being Certified Matters
Win and retain contracts: many central government procurements, and an increasing number of local government procurements, require Cyber Essentials, and large private buyers often adopt the same stance for their supply chains.
Reduce cyber risk materially: the controls address the most common initial access routes, including weak configuration, missing patches, unsafe software, and poorly managed accounts.
Demonstrate governance: board sign-off and an external assessment show that security is managed at leadership level, which speaks directly to customer and insurer expectations.
Insurance uplift for small organisations: UK organisations that certify their whole organisation and have under £20m turnover can access automatic cyber liability insurance through the scheme, subject to terms.
How To Get Cyber Essentials
There are two levels:
Cyber Essentials: An independently verified self-assessment, signed off and submitted by a company board member, renewed annually.
Cyber Essentials Plus: A hands-on technical audit that validates the Cyber Essentials controls on a sample of your devices and systems. CE+ must be completed within three months of passing the basic Cyber Essentials assessment.
What Cyber Essentials Covers
The standard focuses on five key areas applied to all in-scope devices, users, applications, and cloud services.
Firewalls & Routers
A firewall is a security gateway between your network or devices and the internet. Your internet router usually includes a firewall. The rule is simple: only let through the traffic that you need for work, and block the rest. If something is open to the whole internet when it does not need to be, attackers will find it and exploit it.
Secure Configuration
New devices and apps often ship with default settings that are easy to use but not secure. Secure configuration means switching off extras you do not need, changing weak defaults, and setting the device up to reduce risk.
Security Update Management
Criminals look for known weaknesses in commonly used software. Vendors publish fixes called updates or patches. Applying updates quickly closes the door before hackers walk through it. Updates apply to computers, phones, tablets, operating systems, apps, browsers, office suites, and also to firmware on devices such as routers and firewalls.
User Access Control
Staff should have only the access they need to do their job, nothing more. Administrator access should be rare and controlled. Strong login methods reduce the chance of criminals guessing or stealing passwords.
Malware Protection
Malware is malicious, unwanted software such as viruses, ransomware, and spyware. Companies must have a suitable method to stop it from running, and to detect and remove it if it appears.
Get Cyber Essentials With LANDR Security
Cyber Essentials Certification
The Cyber Essentials base level certification involves a "point in time" self-assessment covering the five core areas of control.
We work with you to prepare your technical estate and company processes prior to the assessment.
Cyber Essentials PLUS Certification
Available for Cyber Essentials base level certified companies, the Cyber Essentials PLUS certification involves an in-depth, assessor-led audit, examining compliance and verified defence protection from simulated intrusions.
LANDR is with you every step of the way, explaining the process, expected outcomes and remediation.
Ready To Start Your Journey?
Let's get you started. Complete the onboarding steps and we will contact you to discuss your requirements and timescales for certification.