Connection Technologies is a UK Cyber Essentials certification consultancy for businesses that want the certificate without the four-week project. We deploy our managed compliance agent across every Windows, macOS, iOS and Android device in your organisation, automatically enforce the five Cyber Essentials technical controls, submit your IASME-validated assessment, and own the renewal cycle for as long as you stay with us.
If you’ve been quoted a flat assessor fee plus weeks of internal IT remediation work — that’s the old way. Our managed plan replaces all of that with a single monthly subscription that covers the IASME submission, the certification fee, the device agent, third-party app patching, security awareness training and policy templates. The first Cyber Essentials certificate is typically issued within 2–4 weeks. Cyber Essentials Plus takes 4–8 weeks because it adds an independent IASME-licensed audit on top.
Cyber Essentials — managed certification for UK businesses
Cyber Essentials is a UK government-backed certification scheme operated by IASME on behalf of the National Cyber Security Centre (NCSC). Achieving Cyber Essentials certification proves to customers, suppliers and procurement teams that your organisation has implemented the five core technical controls that would block the vast majority of common cyber attacks: a properly configured firewall, secure device configuration, user access control, malware protection and security update management.
The Cyber Essentials questionnaire is verified by IASME — but you still need every in-scope device to actually pass the controls. That’s where most certifications stall. Our managed agent does the technical heavy lifting so the questionnaire becomes paperwork, not a remediation project.
Cyber Essentials — UK pricing (RRP)
Core Bundle (includes Cyber Essentials) · All prices ex VAT · UK only
| Users | Monthly RRP | Annual RRP |
|---|---|---|
| 1–9 users | £103.00 / mo | £1,025.00 / yr |
| 10–19 users | £134.00 / mo | £1,340.00 / yr |
| 20–49 users | £229.00 / mo | £2,285.00 / yr |
| 50–99 users | £321.00 / mo | £3,205.00 / yr |
| 100–249 users | £475.00 / mo | £4,750.00 / yr |
| 250+ users | POA | POA |
What you get for that price
- Cyber Essentials self-assessment, including IASME submission and certification fee
- Active Protect agent for up to 5 devices per user (Windows, macOS, iOS, Android)
- 3rd-party app patching for Windows and Mac (Patch)
- 18-module Learn Lite security-awareness training
- Smart Policies — templates and policy manager
Renewal is exactly 12 months from order date. Monthly orders are subject to a 12-month term. Cyber Essentials Plus audits must be completed within 3 months of basic Cyber Essentials being issued (allow a minimum 3-week lead time when booking the audit).
What “managed Cyber Essentials” actually means
Compliance agent on every device
Lightweight Active Protect agent for Windows, macOS, iOS and Android. Up to 5 devices per user. It continuously evaluates each device against the Cyber Essentials technical controls.
Auto-remediation, not just reporting
Where the agent can fix something remotely (firewall configuration, secure-config baselines, app patching, MFA enforcement on cloud services), it does. You see a green tick instead of a ticket queue.
Evidence pack for IASME, automatically
The agent generates the technical evidence pack that gets submitted with your Cyber Essentials questionnaire — so you only answer the business-context questions, not the technical ones.
Annual renewal, owned by us
Cyber Essentials must be renewed every 12 months. Because the agent keeps you continuously compliant in between, renewal is a paperwork exercise — not a re-implementation project.
3rd-party app patching (Windows + Mac)
Patch keeps every supported third-party application up to date — Chrome, Firefox, Adobe, Zoom, the lot. Out-of-date software is the #1 reason organisations fail Cyber Essentials Plus on the day.
Security-awareness training
18-module Learn Lite training included with Cyber Essentials, or full 70+ module Learn (with phishing simulation) included with the Cyber Essentials Plus tier.
Smart Policies template manager
Battle-tested template policies for everything Cyber Essentials needs documented — acceptable use, password policy, BYOD, data-handling, incident response — fully editable in the policy manager.
Free £25k cyber-liability insurance
Eligible UK-domiciled organisations with annual turnover under £20 million automatically receive £25,000 of free cyber-liability insurance, renewed each year with the certification.
Cyber Essentials Plus — independent audit, fully managed
Cyber Essentials Plus is the same five technical controls — but verified by an independent IASME-licensed assessor rather than self-attested. The assessor performs:
- External vulnerability scan of your internet-facing infrastructure.
- Internal authenticated scan of a representative sample of every device type in scope.
- Email and web malware tests — a controlled set of EICAR/test phishing payloads to confirm your endpoint protection blocks them.
- Account separation and MFA verification on cloud services.
If a device fails on the day of audit, you have a short window to remediate and re-test. Our managed agent’s job is to make sure that never happens — every device that’s enrolled is continuously kept above the audit threshold, so the assessor’s day is uneventful (which is exactly what you want).
Cyber Essentials Plus is increasingly required across UK procurement: most MoD contracts, growing parts of the NHS supply chain, and many large-enterprise vendor portals. If your sales team is being asked to upload a CE+ certificate to a procurement portal in the next 90 days, this is the tier you need.
Cyber Essentials Plus — UK pricing (RRP)
Complete Bundle (includes Cyber Essentials & Cyber Essentials Plus) · All prices ex VAT · UK only
| Users | Monthly RRP | Annual RRP |
|---|---|---|
| 1–9 users | £272.00 / mo | £2,716.00 / yr |
| 10–19 users | £326.00 / mo | £3,255.00 / yr |
| 20–49 users | £421.00 / mo | £4,205.00 / yr |
| 50–99 users | £552.00 / mo | £5,520.00 / yr |
| 100–249 users | £819.00 / mo | £8,190.00 / yr |
| 250+ users | POA | POA |
What you get for that price
- Everything in the Core Bundle, plus
- Cyber Essentials Plus audit and certification by an IASME-licensed assessor
- Active Protect agent for up to 5 devices per user (Windows, macOS, iOS, Android)
- 70+ module Learn security-awareness training and phishing simulation
- Privacy Toolbox — GDPR tools and document templates
- Smart Policies — templates and policy manager
- 3rd-party app patching for Windows and Mac (Patch)
Renewal is exactly 12 months from order date. Monthly orders are subject to a 12-month term. Cyber Essentials Plus audits must be completed within 3 months of basic Cyber Essentials being issued (allow a minimum 3-week lead time when booking the audit).
Cyber Essentials vs Cyber Essentials Plus — which do you need?
The short answer: basic Cyber Essentials is the right starting point for most UK SMEs and is enough to satisfy a lot of private-sector procurement. Cyber Essentials Plus is required when a buyer’s contract or supplier portal explicitly demands it — most commonly UK government, MoD, NHS supply chain, and increasingly large-enterprise vendor onboarding for anyone touching sensitive data.
Cyber Essentials vs Cyber Essentials Plus — at a glance
| Cyber Essentials | Cyber Essentials Plus | |
|---|---|---|
| Assessment style | Self-assessment questionnaire (verified by IASME) | Independent technical audit by IASME assessor |
| External vulnerability scan | Not required | Yes — performed by the assessor |
| Internal authenticated scan of devices | Not required | Yes — sample of every device type |
| Email/web malware tests | Not required | Yes — phishing/malicious file simulations |
| Backed by NCSC | Yes | Yes |
| Includes free £25k cyber-liability insurance¹ | Yes | Yes |
| Typical time to certify (managed) | 2–4 weeks | 4–8 weeks (CE first, then audit within 3 months) |
| Required for many UK government & MoD contracts | Often baseline | Often required for MoD and sensitive data work |
| Renewal cycle | Annual | Annual |
¹ Free £25,000 cyber-liability insurance applies to UK-domiciled organisations with turnover under £20 m, when certified through an IASME-licensed body and renewed annually. Terms apply.
If you’re not sure which tier you need, the safest answer is “look at the contract you’re trying to win”. Most procurement portals state the requirement explicitly. If it just says “Cyber Essentials”, basic certification covers it. If it says “Cyber Essentials Plus” or “an independently audited equivalent”, you need the Plus tier.
The five Cyber Essentials technical controls — what gets checked
The Cyber Essentials requirements distil to five technical control families, each of which our managed agent handles automatically across every in-scope device.
1. Firewalls
Every device that connects to the internet must have a properly configured boundary firewall — either at the network edge (your router/UTM) or on the device itself (Windows Defender Firewall, macOS Application Firewall, etc.). Default admin passwords on the firewall must be changed, and any inbound services must be either documented and justified or blocked.
2. Secure configuration
Devices and software must be configured to reduce vulnerability exposure: no default user passwords, unused user accounts removed, unnecessary software and services removed, auto-run disabled for removable media, and the device must require authentication before access. Our agent enforces a hardened baseline on every endpoint and reports drift.
3. User access control (with MFA on cloud)
User accounts must be assigned only to authorised individuals, with the minimum permissions needed to do their job. Administrator accounts must be separate from day-to-day accounts. Multi-factor authentication is mandatory on cloud services that accept it (Microsoft 365, Google Workspace, your CRM, your accounting platform — all of them). MFA enforcement is one of the most common audit failure points; our agent verifies it.
4. Malware protection
Every endpoint must have one of: anti-malware software (kept up to date and configured to scan files on access), application allow-listing (so only approved applications can run), or sandboxing. The agent ships with always-on endpoint protection on Windows and macOS, and uses platform anti-malware on iOS and Android.
5. Security update management
All operating systems and applications must be kept patched, supported, and within their vendor-supported lifetime. Critical/high-severity patches must be applied within 14 days of release. Our agent handles patching automatically — Windows and macOS OS updates plus 3rd-party app patching for everything else (Chrome, Adobe, Zoom, Slack, you name it).
Who Cyber Essentials is for
If any of these statements apply to you, you almost certainly need Cyber Essentials:
- You’re being asked for a Cyber Essentials certificate by a customer, supplier, or insurer.
- You bid for UK government contracts (most require Cyber Essentials as a baseline).
- You handle MoD work, sensitive data, or operate in financial services / professional services.
- You want £25,000 of free cyber-liability insurance and a credibility badge for your website.
- You’re an MSP / IT consultancy whose clients keep asking you what Cyber Essentials means.
The scheme was designed by NCSC explicitly for SMEs — it’s not enterprise-grade red-team work, it’s the practical baseline that prevents most everyday attacks. That’s also what makes it achievable as a managed monthly subscription rather than a six-figure consulting engagement.
How Connection Technologies delivers your certification
Here’s the four-stage process from sign-up to certificate.
1. Onboarding (week 1)
30-minute scoping call — we confirm headcount, devices in scope, cloud services and the certification target (CE or CE+). Our agent is provisioned and you receive deployment instructions for Windows, macOS, iOS and Android.
2. Continuous compliance (weeks 1–3)
The agent rolls out across your estate. As each device enrols, it’s evaluated against the five controls and any remediation that can be done remotely is applied automatically. You watch the compliance score climb from a dashboard.
3. Submission & certification (weeks 3–4 for CE)
You answer the business-context questions in the questionnaire. We attach the technical evidence pack the agent has generated and submit to IASME. Cyber Essentials is typically issued within a few working days. For CE+, we then book the assessor and prepare the device sample.
4. Renewal & ongoing (year 2+)
Because the agent has kept you continuously compliant, renewal is largely paperwork. The certification fee, the IASME submission, the agent, the patching, the training and the policy manager are all included in your monthly subscription — no surprise renewal invoice.
Related cybersecurity services we offer
Cyber Essentials is the baseline. If you’re certifying because a customer or insurer is asking for it, you may also want to look at:
- Managed Detection & Response (MDR) — 24/7 UK SOC actively hunting for threats on your endpoints, beyond the preventative controls Cyber Essentials covers.
- SIEM Security Monitoring — centralised log analysis so you can see attacks across your whole estate in one place.
- Mobile Device Management (MDM) — required for Cyber Essentials if any phone or tablet accesses company data, including BYOD.
- Business IT Support & Pulseway RMM — proactive monitoring and patching that keeps every Cyber Essentials control green between renewals.
- IT Managed Services — full-service IT for businesses that want one provider for security, support and infrastructure.
Cyber Essentials & Cyber Essentials Plus — FAQs
The questions UK businesses ask us most often about Cyber Essentials, Cyber Essentials Plus, pricing, the technical controls, and what’s involved in being certified.
What is Cyber Essentials?
Cyber Essentials is a UK government-backed cybersecurity certification scheme administered by IASME on behalf of the National Cyber Security Centre (NCSC). It certifies that an organisation has the five technical controls in place that would block the vast majority of common internet-borne attacks: a properly configured firewall, secure device configuration, user access control, malware protection and security update management.
What is the difference between Cyber Essentials and Cyber Essentials Plus?
Cyber Essentials is a self-assessment questionnaire validated by IASME. Cyber Essentials Plus is the same five technical controls — but verified by an independent IASME-licensed assessor through an external vulnerability scan, an internal authenticated scan of a sample of every device type, and email/web malware tests. Plus is required for many UK government and MoD contracts; basic Cyber Essentials is often the baseline.
How much does Cyber Essentials cost in the UK?
On the Connection Technologies managed plan, Cyber Essentials starts at £103/month (£1,025/year ex VAT) for 1–9 users and includes the IASME submission and certification fee, our compliance agent on every device, third-party patching, security awareness training and policy templates. Cyber Essentials Plus starts at £272/month (£2,716/year ex VAT) and includes everything in Cyber Essentials plus the independent technical audit. All prices are ex VAT.
How long does it take to get Cyber Essentials certified?
On a managed plan, basic Cyber Essentials typically takes 2–4 weeks from kick-off — most of that is our agent reaching every device and remediating any technical gaps automatically. Cyber Essentials Plus takes 4–8 weeks because the independent audit must be booked within 3 months of basic Cyber Essentials being issued, and the assessor needs roughly 3 weeks of lead time.
Do we need Cyber Essentials Plus or is basic Cyber Essentials enough?
For most UK SMEs the basic Cyber Essentials certificate is enough — it covers procurement requirements for many private-sector contracts, qualifies you for the free £25,000 IASME cyber-liability insurance and gives you the credibility badge for your website. Cyber Essentials Plus is required if you handle MoD contracts, sensitive government data, or if your supply chain explicitly mandates it (large enterprises and the NHS increasingly do). When in doubt, ask the contract owner — most procurement portals state which level they require.
What are the five Cyber Essentials controls?
The five technical controls are: (1) Firewalls — every internet-facing device must have a properly configured firewall; (2) Secure configuration — devices and software must be configured to reduce vulnerabilities (no default passwords, unused software removed, etc.); (3) User access control — user accounts assigned only to authorised individuals with the minimum access needed, with multi-factor authentication on cloud services; (4) Malware protection — anti-malware software, application allow-listing or sandboxing on every endpoint; (5) Security update management — operating systems and applications kept patched and within their vendor-supported lifetime. Our agent enforces all five automatically.
What is included with Cyber Essentials Plus when bought through Connection Technologies?
The Complete Bundle includes: Cyber Essentials self-assessment, Cyber Essentials Plus audit by an IASME-licensed assessor, our Active Protect agent on up to 5 devices per user (Windows, macOS, iOS, Android), 3rd-party app patching for Windows and Mac, 70+ module security-awareness training (Learn) with phishing simulation, the Privacy Toolbox of GDPR templates, and our Smart Policies template manager. Pricing is published on this page (RRP, ex VAT, UK only).
Does Cyber Essentials cover BYOD (employee-owned mobiles and laptops)?
Yes — and this is one of the biggest changes in the current Cyber Essentials standard. Any device used by an employee to access organisational data or services is in scope, including personal phones used for work email. You either need to enrol BYOD devices into management (so the controls can be enforced) or remove them from scope entirely (e.g. through a hardened bring-your-own-device policy that blocks data access from unmanaged devices). Our managed service handles the enrolment side via mobile device management.
How does Connection Technologies "do the heavy lifting" for Cyber Essentials?
We install a lightweight compliance agent on every in-scope device. The agent continuously scans against the Cyber Essentials technical controls, automatically pushes the fixes that can be remediated remotely (firewall configuration, secure-config baselines, app patching, MFA enforcement on cloud services), surfaces a compliance score per device, and produces the evidence pack that gets submitted to IASME. You answer business-context questions; we handle the technical evidence and renewal cycle.
Do you provide the £25,000 cyber-liability insurance with Cyber Essentials?
Yes — when you certify through Connection Technologies (an IASME-aligned partner), eligible UK organisations with annual turnover under £20 million automatically receive £25,000 of free cyber-liability insurance with their Cyber Essentials certificate at no extra cost. The cover is renewed annually with your certification.
How often do I need to renew Cyber Essentials?
Cyber Essentials and Cyber Essentials Plus must be renewed every 12 months from the certification issue date to remain valid. On our managed plan, renewal is built into the subscription — our agent keeps you continuously compliant between certifications, so renewal is largely a paperwork exercise rather than a re-implementation project.