Cyber Essentials vs. Essentials Plus: What’s Right for You?

What is Cyber Essentials? 

Cyber Essentials is a UK government-backed cybersecurity framework, designed to help organisations implement essential cyber hygiene. It’s overseen by the National Cyber Security Centre (NCSC) and administered by IASME. The certification helps protect against the most common internet-based threats. To achieve it, you complete a self-assessment questionnaire, demonstrating that you have the following five technical controls in place: 

  1. Boundary firewalls and internet gateways
  2. Secure configuration of devices and systems
  3. Access control
  4. Malware protection
  5. Patch management

Your responses are reviewed by a qualified assessor, and support is available to help you complete the assessment accurately. Pricing typically starts at around £250 + VAT.


What is Cyber Essentials Plus? 

Cyber Essentials Plus builds on the same five controls but adds an essential layer of trust: independent technical verification. 
 
This includes:

  • External vulnerability scans of public-facing systems
  • On-site or remote audits of sample devices (e.g. desktops, laptops, mobile devices, servers)
  • Multi-Factor Authentication (MFA) checks for cloud and remote access services 
     

Unlike the basic level, Plus certification requires remediation of any gaps found during testing—usually within 30 days—before certification can be issued. 
 
Costs typically range from £1,500 to £3,000 + VAT, depending on the size and complexity of your organisation’s IT environment.


Why Upgrade to Plus? 

  • Greater assurance. With real testing of your systems, you’re not just saying you’re secure, you’re proving it.
  • Required for certain contracts and insurance policies. Public sector contracts (including NHS and local authorities) often require Cyber Essentials Plus.
  • Improved cyber posture. Independent audits can uncover misconfigurations or risks you may not detect internally.
  • Professional credibility. Demonstrates to partners, stakeholders, and clients that cybersecurity is more than a checkbox; it’s a business priority.


Which One Should You Choose? 

Here’s a quick decision guide: 

Company needs                                     | Plan
Small organisation with basic IT needs            | Cyber Essentials
Handles sensitive data or complex infrastructure  | Cyber Essentials Plus
Bidding for UK public sector work                 | Cyber Essentials Plus
Stronger insurance or client trust                | Cyber Essentials Plus


How to Prepare 

  1. Conduct a risk assessment. Understand your vulnerabilities and where to focus.
  2. Implement the five key controls. Firewalls, configuration, access, malware protection, and updates.
  3. Complete the Cyber Essentials questionnaire. Ensure all answers reflect real, working policies.
  4. For Plus certification. Engage a licensed certification body to conduct audits and scans.
  5. Close any gaps. You’ll need to fix vulnerabilities within 30 days to pass.
  6. Maintain momentum. Certification is annual. Consider managed security services to stay protected year-round. 


Summary 

  • Cyber Essentials provides a solid foundation at a low cost and is ideal for small organisations or those just getting started.
  • Cyber Essentials Plus delivers higher confidence through independent testing and is often required for regulated or sensitive sectors.
  • Choose the level that matches your budget, risk profile, and contractual or regulatory obligations.
  • Most importantly, treat certification as part of an ongoing cybersecurity journey, not just a tick-box exercise.


Need Help? 

At Cranborne Tech, we’ve supported organisations across care, financial services, and retail to achieve Cyber Essentials and Cyber Essentials Plus. Whether you’re preparing for certification or want to strengthen your cyber resilience overall, we’re here to help. 

Get in touch to book a free discovery call. 
