Cyber Essentials vs. Essentials Plus: What’s Right for You?

Cyber Essentials vs. Essentials Plus: What’s Right for You?

What is Cyber Essentials? 

Cyber Essentials is a UK government-backed cybersecurity framework, designed to help organisations implement essential cyber hygiene. It’s overseen by the National Cyber Security Centre (NCSC) and administered by IASME. The certification helps protect against the most common internet-based threats. To achieve it, you complete a self-assessment questionnaire, demonstrating that you have the following five technical controls in place: 

  1. Boundary firewalls and internet gateways
    2. Secure configuration of devices and systems
    3. Access control
    4. Malware protection
    5. Patch management 
  2. Your responses are reviewed by a qualified assessor, and support is available to help you complete the assessment accurately. Pricing typically starts at around £250 + VAT. 


What is Cyber Essentials Plus? 

Cyber Essentials Plus builds on the same five controls but adds an essential layer of trust: independent technical verification. 
 
This includes:

  • External vulnerability scans of public-facing systems
  • On-site or remote audits of sample devices (e.g. desktops, laptops, mobile devices, servers)
  • Multi-Factor Authentication (MFA) checks for cloud and remote access services 
     

Unlike the basic level, Plus certification requires remediation of any gaps found during testing—usually within 30 days—before certification can be issued. 
 
Costs typically range from £1,500 to £3,000 + VAT, depending on the size and complexity of your organisations IT environment. 


Why Upgrade to Plus? 

  • Greater assurance. With real testing of your systems, you’re not just saying you’re secure and you’re proving it.
  • Required for certain contracts and insurance policies. Public sector contracts (including NHS and local authorities) often require Cyber Essentials Plus.
  • Improved cyber posture. Independent audits can uncover misconfigurations or risks you may not detect internally.
  • Professional credibility. Demonstrates to partners, stakeholders, and clients that cybersecurity is more than a checkbox, it’s a business priority. 


Which One Should You Choose? 

Here’s a quick decision guide: 

Company needs Plan
Small organisation with basic IT needs Cyber Essentials
Handles sensitive data or complex infrastructure Cyber Essentials Plus
Bidding for UK public sector work Cyber Essentials Plus
Stronger insurance or client trust Cyber Essentials Plus


How to Prepare 

  1. Conduct a risk assessment. Understand your vulnerabilities and where to focus.
  2. Implement the five key controls. Firewalls, configuration, access, malware protection, and updates.
  3. Complete the Cyber Essentials questionnaire. Ensure all answers reflect real, working policies.
  4. For Plus certification. Engage a licensed certification body to conduct audits and scans.
  5. Close any gaps. You’ll need to fix vulnerabilities within 30 days to pass.
  6. Maintain momentum. Certification is annual. Consider managed security services to stay protected year-round. 


Summary 

  • Cyber Essentials provides a solid foundation at a low cost and is ideal for small organisations or those just getting started.
  • Cyber Essentials Plus delivers higher confidence through independent testing and is often required for regulated or sensitive sectors.
  • Choose the level that matches your budget, risk profile, and contractual or regulatory obligations.
  • Most importantly, treat certification as part of an ongoing cybersecurity journey not just a tick-box exercise. 


Need Help? 

At Cranborne Tech, we’ve supported organisations across care, financial services, and retail to achieve Cyber Essentials and Cyber Essentials Plus. Whether you’re preparing for certification or want to strengthen your cyber resilience overall, we’re here to help. 
Get in touch to book a free discovery call. 

Contact Us

How AI is Reshaping Managed IT Services and Cyber Security

August 10, 2025
Artificial Intelligence (AI) has moved from being a future concept to a daily reality in IT. For businesses of all sizes, AI is already reshaping how IT services are delivered, monitored and secured. From predictive threat detection to automated support, AI is transforming managed IT into something more proactive, more efficient, and more resilient than ever before. 

What’s New in Tech (News You Can Use) from Cranborne’s CTO Ryan Wilson

August 4, 2025
Unlocking Productivity: How CoPilot Studio Can Transform the Way You Work “CoPilot isn’t about replacing people. It’s about freeing them to do their best work. And CoPilot Studio gives you the tools to make that happen your way”. All businesses today are seeking greater efficiency, clarity, and responsiveness – drivers for business success. We’re increasingly leaning on technology to streamline operations, and Microsoft CoPilot Studio is emerging as a powerful new tool to empower teams, helping them work smarter, faster and with more confidence and security. But what exactly is CoPilot Studio? And how can it help organisations like yours? Let’s break it down. What Is Microsoft CoPilot Studio? CoPilot Studio is Microsoft’s low-code environment that allows businesses to build, customise, and manage their own AI-powered assistants tailored to their unique needs. It integrates seamlessly with Microsoft 365 apps like Outlook, Teams, Word, Excel, and Power Platform. Essentially, it’s a way for you to train your own “CoPilot” to know your workflows, your data, and your users making it infinitely more useful than a general-purpose chatbot. Unlike the default CoPilot that sits within Microsoft 365 (which is still powerful), CoPilot Studio allows customisation and automation beyond what comes out of the box. What’s the Difference Between CoPilot Studio and Other AI Tools? While tools like ChatGPT or other LLMs are great for general brainstorming or copywriting, CoPilot Studio is: Integrated with your Microsoft 365 tools Customisable for your business Able to automate real workflows Trainable on your specific documents and policies It’s not just about “answering questions” it’s about automating tasks and surfacing knowledge in real-time, where your staff already work. Why It Matters for Your Business CoPilot Studio isn’t just a flashy new AI toy, it has real, immediate implications for how small to mid-sized organisations manage work. Here’s how it can drive impact: Custom Workflows Need to automate staff onboarding, document approval, or incident reporting? CoPilot Studio allows you to design those flows with minimal coding. It means less time spent on repetitive admin and more time focused on outcomes. Internal Knowledge Access CoPilot can be trained to access and respond with information from your own documents, policies, or procedures. Staff can ask, “How do I log a safeguarding concern?” or “Where’s the holiday policy?” and get instant answers based on your actual documents, not internet guesses. Sector-Specific Integration Whether you're a care home, a charity, or a retailer CoPilot Studio can adapt to your terminology, systems, and processes. For example: In healthcare, it can provide quick access to care plans or log compliance notes. In the non-profit sector, it can streamline grant applications or volunteer scheduling. In retail, it can help with inventory queries, staff rotas, or FAQs from customers. Real-World Example: From Request to Resolution Let’s say you run a small chain of care homes. A new employee joins and has questions about reporting medication errors. With CoPilot Studio: You’ve already built a simple assistant that sits inside Teams. The assistant is connected to your compliance handbook and company SharePoint site. The new employee opens Teams, types their question, and gets a tailored answer, complete with a link to the reporting form. That’s one less support ticket. One more confident team member. And crucially, faster compliance with CQC standards. Security and Governance Built In A key concern for many organisations is data privacy. Microsoft CoPilot Studio addresses this with enterprise-grade security: Data doesn’t leave your tenant. All information is stored within your Microsoft 365 environment. Role-based access control allows you to limit who can see or edit content. Audit trails and version control ensure oversight and compliance. This makes it a trusted option for regulated industries, like healthcare or finance, where security is non-negotiable. What Does It Take to Get Started? You don’t need to be a developer. Most CoPilot Studio apps can be built using a drag-and-drop interface, similar to Power Automate or Forms. However, working with a partner like Cranborne Tech can help ensure:  Your assistants are compliant, secure, and well-tested You’re integrating CoPilot with SharePoint, Teams, and third-party systems effectively Your users receive proper training and documentation Think of us as your AI adoption guide helping you build once, and benefit for months or years to come. Future Roadmap Organisations piloting CoPilot Studio are already seeing gains in: Staff productivity (less time searching, more time doing) Response consistency (especially for customer service or compliance) Automation ROI (reducing time spent on routine workflows) As Microsoft continues to invest in its AI stack, we expect even tighter integration with Dynamics, Outlook, and third-party SaaS tools. Ready to Explore CoPilot Studio? We’re helping clients right now to map use cases, build internal bots, and reduce time spent on manual processes. If you’d like a quick walkthrough of what CoPilot Studio could do for your organisation, get in touch for a demo or discovery call.