Probably less than you think

The first assumption that a lot of businesses make is that the figure will be too high and the job too complex. In this post, I aim to convince you that for the vast majority of SMEs, both assumptions are not necessarily true.

Let’s start with a few simple first steps:

Step 1: Implement the UK Government’s GCHQ-led Cyber Essentials (CE) programme. Why? Because it makes huge sense. Don’t take my word for it – do some research on Google.

Step 2: Decide which of the two CE Certificates is most relevant for your business: Cyber Essentials Basic or Cyber Essentials Plus (CE+ requires an on-site audit and provides a higher level of assurance). Want help deciding? Go to Step 3.

Step 3: Go to to learn all about the CE Programme and then hit the “Start” button to begin your journey to Cyber Essentials certification and a more secure future for your organisation.

So how much does this cost and how complicated is it to achieve CE certification?

If you follow the 3 simple steps above, the cost to join The Cyber Highway is:

·        £300 for a micro business (1 to 10 employees)

·        £600 for a small business (11 to 50 employees)

·        £900 for a medium sized business (51 to 250 employees)

·        £1,200 for a large business (251 to 500 employees)

These are annually renewable charges and you pay an additional £300 for the CE Certificate – this is provided by one of the Government’s Accreditation Bodies – a badge which you may display on your website and on marketing materials. This provides a strong message to your customers and clients that you take cyber security seriously and proves that you have achieved a Government standard which is endorsed by GCHQ and the new National Cyber Security Centre (NCSC).

About complexity and other costs: To reduce the total cost of achieving CE certification, The Cyber Highway provides an abundance of guidance, help and support.  The Cyber Highway team want you to be successful at defending your business at the lowest possible cost.

So, if you outsource your IT to a third party provider, we recommend you call on them to provide many of the answers to technical queries. If you don’t have a technical partner and don’t feel able to carry out some of the work that you will need to do, you might have to pay for remote technical security support to help you comply with some of the statements that you will meet on your Cyber Highway journey to successful certification.

This online support is provided by Accredited Cyber Essentials technicians at £100 per hour.

If you decide to take the CE+ Route – you can expect to pay for an on-site visit by a CE Assessor who will carry out a vulnerability assessment of your network(s) and an audit of randomly chosen devices. You should expect rates to start at £1,250 for this service – total charges will depend on the size of your business and the number of sites from which you operate.

To summarise: A micro business joining The Cyber Highway to achieve CE Basic certification could do so with ease, at a total cost of £600. If the business doesn’t have an IT partner and needs a couple of hours of remote technical security support – add on £200.

How easy and painless is that!