Frequently Asked Questions
Any questions about our company or Cyber Essentials?
You've come to the right place!
FAQ
The primary difference is in the level of testing your company undergoes.
• Cyber Essentials: This is a self-assessment questionnaire that is verified by a qualified professional (like us). It shows you have the right processes in place.
• Cyber Essentials Plus: This includes the self-assessment, but also involves an independent external and internal vulnerability scan of your systems by a certifying body. It proves that your security controls are actually working in practice.
The cyber threat landscape changes daily. Cyber Essentials ensures you aren't relying on "luck" to keep you safe. It provides a formal, audited framework that drastically reduces your vulnerability to automated attacks, which constantly scan the internet for weak spots.
Absolutely. In fact, it is often small businesses that are targeted by cyber criminals because they typically lack the necessary defences. Don't let this be you!
Of course! This is where we provide the most value. Our entire service is designed to be an easy experience for companies without dedicated IT staff. We translate the technical jargon into plain English, guide you through the questionnaire, and help you implement the fixes. You don't need to be a tech expert; you just need to know how your business runs.
Yes. Retaking the test can be done for free for both Cyber Essentials and Cyber Essentials Plus.
No. A Cyber Essentials Certificate is valid for 12 months, after which it must be renewed.
No. The requirement is that you have a malware protection solution that is "appropriate and effective." This could be a built-in solution like Microsoft Defender (which is perfectly acceptable when properly configured), or any other commercial solution.
The timeline varies depending on your readiness. For a business that is well-prepared, the process from initial guidance to receiving your certificate can be as quick as a few weeks. For those starting from scratch, we recommend allowing 1-3 months to work through the guidance, implement necessary changes, and complete the assessment without feeling rushed.
IASME is the National Cyber Security Centre's (NCSC) partner responsible for managing the Cyber Essentials scheme. They oversee all Certification Bodies like Regola. Our association with IASME means we have been vetted and approved by the governing body of the scheme, ensuring our assessments are conducted to the highest standard.
Yes, though indirectly. While Cyber Essentials is not a GDPR compliance scheme, it directly supports it. The five technical controls you need to implement for Cyber Essentials are fundamental to keeping personal data secure.
If you ever faced an ICO investigation, being able to demonstrate you have these controls in place (via certification) would be a very strong point in your favour.
Yes, this is a significant benefit of becoming certified. With this certification, free cyber insurance of up to £25,000 is provided for organisations with under £20 million turnover.
The certification assessment is designed to be very affordable for small to medium businesses. The price varies depending on the size of the company, with the micro-business assessment being £320 plus VAT.
Absolutely! Many of your clients (especially if they are other businesses) will see your Cyber Essentials Certification as proof that you can be trusted with their data, and that your company is resilient.
Many businesses are increasingly hesitant to partner with companies that do not appear to have strong security controls in place.
Get Started Today
Protect your business and gain a competitive edge over market rivals with a Cyber Security certification. Why wait?
