Frequently Asked Questions

The primary difference is in the level of testing your company undergoes. • Cyber Essentials: This is a self-assessment questionnaire that is verified by a qualified professional (like us). It shows you have the right processes in place. • Cyber Essentials Plus: This includes the self-assessment, but also involves an independent external and internal vulnerability scan of your systems by a certifying body. It proves that your security controls are actually working in practice.

The cyber threat landscape changes daily. Cyber Essentials ensures you aren't relying on "luck" to keep you safe. It provides a formal, audited framework that drastically reduces your vulnerability to automated attacks, which constantly scans the internet for weak spots.

Absolutely. In fact, it is often small businesses that are targeted by cyber criminals because they typically lack the necessary defences. Don't let this be you!

Of course! This is where we provide the most value. Our entire service is designed to be an easy experience for companies without dedicated IT staff. We translate the technical jargon into plain English, guide you through the questionnaire, and help you implement the fixes. You don't need to be a tech expert; you just need to know how your business runs.

Yes. If you fail the assessment, you will be provided feedback and be allowed to make corrections over a 48 hour period, in which you can pass the assessment without any additional charge. However, if you fail to implement the necessary changes during this time, you will fail and have to purchase a new assessment.

No. A Cyber Essentials Certificate is valid for 12 months, before it must be renewed.

The timeline varies depending on your readiness. For a business that is well-prepared and cyber aware, or even has dedicated staff, the process from initial guidance to receiving your certificate can be as quick as 1-2 weeks. For those starting from scratch, we recommend allowing 1-3 months to work through the guidance, implement necessary changes, and complete the assessment without feeling rushed.

No. The requirement is that you have a malware protection solution that is "appropriate and effective." This could be the built-in solution like Microsoft Defender (which is perfectly acceptable when properly configured), or any other commercial solution.

IASME is the National Cyber Security Centre's (NCSC) partner responsible for managing the Cyber Essentials scheme. They oversee all Certification Bodies like Regola. Our association with IASME means we have been vetted and approved by the governing body of the scheme, ensuring our assessments are conducted to the highest standard.

Yes, though indirectly. While Cyber Essentials is not a GDPR compliance scheme, it directly supports it. The five technical controls you need to implement for Cyber Essentials are fundamental to keeping personal data secure. If you ever faced an ICO investigation, being able to demonstrate you have these controls in place (via certification) would be a very strong point in your favour.

Yes, this is a significant benefit of becoming certified. With this certification, free cyber insurance is provided for up to £25000, for organisations with under £20 million turnover.

The certification assessment is designed to be very affordable for small to medium businesses. The price varies depending on the size of the company, with the micro-business assessment being £320 plus VAT.

Absolutely! Many of your clients (especially if they are other businesses), will see your Cyber Essentials Certification as proof that you can be trusted with their data, and that your company is resilient. Many businesses are increasingly hesitant to partner with companies that do not appear to have strong security controls in place.

Yes. There is a 24 hour incident response helpline operated by experts, provided by IASME. This is included with Cyber Essentials for free.

Yes. While we are based in Devon, we offer our support to businesses across the UK.