Why get Cyber Essentials Plus certified?

28/11/23 Wavenet
Why get Cyber Essentials Plus certified?

The direct cost, recovery cost and long-term cost of security breaches are growing year-on-year. According to the 2022 Cyber Security Breaches Survey, 39% of UK businesses identified a cyber security breach or attack with the average cost of a data breach being between £4,200 and £19,400. 

Achieving a Cyber Essentials accreditation is a great framework to address the basics of cyber security, but is it enough? Once achieved, you certainly need to be thinking about the next level of your cyber security strategy and the Government-backed Cyber Essentials Plus accreditation offers businesses the opportunity to do this. Industry experts, including the National Cyber Security Centre (an independent organisation), all agree that the benefits of upgrading to Cyber Essentials Plus are too good to ignore. 

What is the difference between Cyber Essentials and Cyber Essentials Plus? 

Whether you are working towards your Cyber Essentials or your Cyber Essentials Plus accreditation, it is all about how your business is adhering to a set of requirements that an independent, government-backed, certified body deems appropriate. The same list of requirements is needed for both accreditations; however, the real difference lies in how you are assessed on these requirements. 

Cyber Essentials is a self-assessment on how you are adhering to cyber security procedures. 

Cyber Essentials Plus is more in-depth and involves an independent external certified body examining your cyber security. This can be done via simulated phishing attacks and basic hacking procedures to confirm that you are adhering to the set of security requirements needed. To complete the assessment, you will also need to pass a final technical audit. 

In theory, if you have passed your Cyber Essentials accreditation and are adhering to all the agreed requirements, then there is no reason you should not pass your Cyber Essentials Plus accreditation. 

It may sound like there is a lot more effort required to achieve a Cyber Essentials Plus certification, but the benefits are huge. 

Why that “plus” makes all the difference

There are many reasons why you should upgrade to Cyber Essentials Plus, and this can depend on your business’s motivations. 

A key reason for the upgraded certification is so that you, as a business, are highlighting the fact that you take security and data protection seriously. With cyber-attacks constantly in the news, having a strong stance on cyber security is a much-needed virtue in today’s modern business world. 

This has a direct impact on another crucial factor to consider which is whether to upgrade your certification. If you are demonstrating that security and data protection is taken seriously within your organisation then this puts your company in an advantageous position when bidding for new contracts, suppliers, or tenders. The same survey highlighted that 84% of businesses found that having this accreditation made it easier for them to win contracts. Imagine one of your prospects has gone to tender and security is a key factor for them. If your competitor has Cyber Essentials and you are Cyber Essentials Plus accredited, who would you choose? 

Another significant reason to upgrade is for peace of mind that you are demonstrating the highest cyber security standards internally. Cyber Essentials Plus encompasses a far greater number of cyber assessments, thereby providing you with a better understanding of your own organisation’s levels of cyber risk. Your business is only as secure as your internal security policies. It is extremely easy to complete a self-assessment form stating you are adhering to cyber security protocols, but having your protocols evaluated by an external body can give you peace of mind that you’ve taken the extra steps needed to be cyber-secure. 

And finally, Cyber Essentials Plus may not be a desire for your business, but a necessity. Businesses within certain industries (Health, Telecoms etc.) are now required to obtain Cyber Essentials Plus certification. Whilst Cyber Essentials allows organisations to work with the Government, a Cyber Essentials Plus accreditation can open your business to new markets such as the opportunity to work with the MOD. 

Advice on how to pass Cyber Essentials Plus… 

It may seem hard to achieve but we are on hand to guide and offer advice on how to pass Cyber Essentials Plus first time. 

As independent assessors who offer Cyber Essentials Plus, we have experience of working with a wide variety of organisations, going through the same process daily. 

As with anything in life, you get out what you put in, and nothing could be truer with Cyber Essentials Plus. The more preparation you put in, the more likely you are to pass. On average, it takes seven days to achieve and if you do fail, you must start right back at the beginning. 

Repeatedly, we see businesses take time out to prepare for the assessment and pass first time. However, we have also seen overconfident and ill-prepared organisations who fail, which wastes company time and money. 

To summarise in one word the key to passing Cyber Essentials Plus: Preparation. 

How Wavenet CyberGuard can help… 

With organisations keen to adhere to cyber security regulations, there is no better time to upgrade your Cyber Essentials accreditation to a Cyber Essentials Plus certification. 

CyberGuard Technologies - a division of Wavenet, a company that has been in business for over 20years and understands the industry - can offer help and guidance on the best practices of being cyber-secure. 

Our cyber team can guide your business through the steps to accreditation with minimal fuss, whether that is upgrading from Cyber Essentials or our whole package which includes Cyber Essentials and Cyber Essentials Plus certification. 

We will assist you through the entire process and will be on hand to help you with any questions you may have. Once you’ve passed the Cyber Essentials Plus accreditation, you’ll be able to display the Cyber Essentials Plus logo on your website and marketing literature to demonstrate to your customers, suppliers, investors and stakeholders that your organisation is taking the advanced steps to protect your business from cyber threats and that you take cyber security seriously.

Cyber Security

Latest blogs

See all posts
Microsoft 365 e3 vs e5
Microsoft 365 E3 vs E5 – what’s the difference for your business?

Choosing the right Microsoft 365 licence can make all the difference – from managing costs to ensuring security and compliance. Here’s a side-by-side comparison of the two enterprise plans, so you can decide what works best for your organisation.

Read more
Placeholder thumbnail
Webinar - Wavenet and Mitel’s vision for 2025 & beyond

Webinar summary: future-proofing business communications with Mitel & Wavenet As communication continues to evolve, choosing the right partner is essential. This exclusive webinar, hosted by Wavenet in partnership with Mitel, featured Stuart Aldridge (UK Head of Mitel), Emma Westland (Strategic Director at Zoom) and Barry Ward (Product Director at Wavenet), delivering a forward-looking session focused on the future of unified communications (UC) for Mitel, Zoom and Wavenet.

Read more
A happy house tenant is using an app on her phone to report a home issue to her housing provider
From risk to resolution: how Active Assessor helps you stay ahead of Awaab's Law

What does Awaab's Law mean and why does it matter? Damp and mould aren’t just inconvenient maintenance problems - they’re serious risks to tenant health, regulatory compliance, and the reputation of housing providers. Nearly 1 in 7 social homes in England failed to meet the Decent Homes Standard in 2023¹. On top of that, the NHS is estimated to spend £1.4 billion a year treating health issues related to cold, damp housing². And yet, more than half of tenants experiencing condensation, damp or mould don’t report it. Often, they don’t recognise the early signs, or they simply don’t believe they’ll be taken seriously. This silence leaves landlords in the dark and turns small, fixable issues into expensive, high-risk problems. From October, social landlords will be legally required to fix emergency hazards within 24 hours and investigate and repair dangerous damp and mould within set timeframes, under new legislation known as Awaab’s Law. Introduced in memory of two-year-old Awaab Ishak, who tragically died in 2020 after prolonged exposure to mould in his social housing, the law represents a major step toward improving housing safety and quality. It allows tenants to take legal action if landlords fail to comply and will be rolled out in phases, beginning with damp and mould, to ensure effective implementation. This approach aims to deliver meaningful, lasting change while honouring the efforts of Awaab’s family to secure justice. Awaab’s Law also supports the government’s broader plan for change, which includes a commitment to building 1.5 million new homes and delivering the biggest improvement to social and affordable housing in a generation. The challenge: strained teams & outdated systems Most housing providers care deeply about tenant safety. The problem isn’t willingness—it’s capacity. Maintenance teams, IT departments, and customer contact centres are already stretched thin. Spotting early-stage issues requires tools they simply don’t have. Traditional, manual inspections are expensive and slow. Reactive workflows leave little room to get ahead of problems. And despite growing demand for proactive service, only 13% of customers actually receive it. The systems many teams rely on today are fragmented, outdated, and not fit for the pressures of a post-Awaab world. The solution: Active Assessor by 8x8

Read more
Placeholder thumbnail
Top 5 benefits of a network intelligence solution

Do you know exactly what’s going on in your network, or is it all a bit of a mystery? If you’re in the dark, it could be costing you more than you think. Without visibility into your network, you can’t stop downtime before it starts. With downtime costing an average of £7000 per minute (1) that’s a high price to pay.

Read more
Placeholder thumbnail
Struggling with digital delivery? It’s time to look at your network

The NHS isn’t short on digital ambition. Across the country, Trusts are working hard to roll out Electronic Patient Records, launch virtual wards and connect services across Integrated Care Systems. The vision is clear. But the path forward? Often less so.

Read more
Placeholder thumbnail
Building resilience in the public sector: a strategic guide

Beyond traditional cyber security: how to create an effective cyber resilience plan In an era where cyber threats are growing in scale and sophistication, public sector organisations must go beyond traditional cyber security. While many may feel like they are too small a target to fall victim to the headline-grabbing attacks we see in the news, it is the unfortunate truth that all organisations are at risk, whether they turn over vast amounts of money or not. Therefore, the ability not only to defend against attacks, but also to recover quickly and continue delivering essential services is of paramount importance.

Read more

Stay service-savvy

Get all the latest news and insights straight to your inbox.