Stage 1 

Are you looking to implement cyber security foundations into your organisation, but don't know how?  

IASME's Cyber Essentials (CE) is a government-backed scheme ideal for any business looking to take the first step in their cyber security journey. It consists of 5 technical controls to protect against the most common types of Cyber Attacks –including phishing attacks, malware, ransomware, password guessing or network attacks – which are designed to be easily implemented and adaptable to suit every business, regardless of size or sector.  

The NCSC reported 7.7 million cyber crimes were experienced within the last year – almost half of all businesses – making it even more crucial for businesses to ensure that they have foundations in place to protect themselves.* If you do not currently hold Cyber Essentials and CE Plus, we would recommend that you start by gaining certification as the initial step towards Cyber Resilience. 

*NCSC Cyber Essentials

IASME Cyber Resilience Roadmap

What are the benefits of Cyber Essentials certification? 

Cyber Essentials offers any business the chance to better protect themselves from 80% of commodity threats. Other benefits include: 

  • An affordable scheme for small and medium businesses.  
  • Demonstration of basic cyber hygiene as part of supply chain assurance.  
  • An extra layer of defence for organisations of all sizes, even when they have other schemes and standards in place.  
  • Included automatic cyber liability insurance for any UK organisation who certify their whole organisation and have less than £20m annual turnover. 

Stage 2 

Cyber Essentials certification is just the beginning of your journey towards Cyber Resilience. If you already have Cyber Essentials in place, a next step could be to certify for IASME's Cyber Assurance standard. 

Cyber Assurance (CA) certification is a way to demonstrate that you hold and manage data in a secure way, giving customers and stakeholders assurance that you are taking GDPR, Information Security, and Management seriously. It involves two levels and offers organisations the chance to implement a similar set of controls as ISO 27001, but is more affordable and achievable, making it an ideal alternative for smaller to medium-sized businesses to implement. CA certification is widely recognised across industry sectors as a demonstration of applying appropriate controls to mitigate cyber risks within the supply chain.  

The standard has also been recently updated to better reflect the needs of businesses depending on their size, providing greater value and a cost-effective solution for small to medium-sized enterprises to help them protect what matters most. 

Level One 

You will need to pass Level One before you can apply for Level Two. Level One involves a verified self-assessment, whereby you will answer questions provided and submit your answers to be marked by an external Assessor. The cost of Level One will depend on the size of your organisation. 

Level Two 

Level Two involves an independent audit of your processes, procedures and controls by an IASME-assured Assessor. The Assessor will audit appropriate documentation, staff understanding and awareness, and observe activities before determining whether you have passed.  

What are the benefits of Cyber Assurance certification? 

Cyber Assurance certification, supported by Cyber Essentials, is an all-round cyber security standard which addresses the needs of all organisations, but offers flexibility, so that you only cover what is needed for the size of your organisation.  

Benefits include: 

  • Strengthened cyber security measures and improved risk management. 
  • Cost effective and accessible for SMEs. 
  • Competitive advantage against those without certification, demonstrating commitment to improving your organisation's security. 
  • Increased employee education, leading to less cyber risks and faster response times for incidents.  
  • Legal and regulatory compliance (including GDPR), preventing potential fines or legal issues. 
  • Developed business continuity plans, ensuring smooth recovery if an incident occurs.  

For further information on how we can help your organisation become more cyber resilient, visit our Cyber Essentials Services page, or book a free 30-minute consultation with us for more detail.

Related Posts

How Well Do You Know Your Incident Response Plan?
How Well Do You Know Your Incident Response Plan?
Gallery

How Well Do You Know Your Incident Response Plan?

November 26, 2025
Did You Know NCSC’s Cyber Assessment Framework (CAF) Has Been Updated?
Did You Know NCSC’s Cyber Assessment Framework (CAF) Has Been Updated?
Gallery

Did You Know NCSC’s Cyber Assessment Framework (CAF) Has Been Updated?

November 5, 2025
We Are A NCSC Assured Cyber Resilience Audit Service Provider
We Are A NCSC Assured Cyber Resilience Audit Service Provider
Gallery

We Are A NCSC Assured Cyber Resilience Audit Service Provider

October 1, 2025
Internal Audits Explained: The Purpose, Process And Benefits
Internal Audits Explained: The Purpose, Process And Benefits
Gallery

Internal Audits Explained: The Purpose, Process And Benefits

September 2, 2025