FAQs2025-05-14T01:11:34+01:00

FAQs

In here you’ll find our frequently asked questions. If you don’t find your answer please contact us.

Cyber Security FAQs

Cyber security is difficult to understand, where do I start?2025-05-14T01:03:14+01:00

Cyber security solutions are not a one size fits all. Businesses need a layered approach to defence, monitoring and remediation.

Cyber security doesn’t have to be as difficult to manage and understand as most organisations think; we will guide you through best practices and solutions that will leave you better equipped to deal with the threats to your organisation.

What types of business are most at risk of a cyber-attack?2025-05-14T01:03:14+01:00

We unfortunately live in a time where all businesses, regardless of size or industry sector are at risk, whether directly or indirectly.

Whilst larger organisations are more likely to have technology, expertise, and processes in place to protect themselves against cyber-attacks, this isn’t always the case. Smaller businesses are less likely to have the necessary resources and so may find themselves at greater risk of attack from hackers.

I don’t need to worry about security, all my employees are remote workers.2025-05-14T01:03:14+01:00

Without the proper protections in place, this can increase the risk of attack as it opens up a number of factors and vulnerabilities.  Employees may be working on unsecured networks or in locations such as coffee shops.

I’m a small business, why would cyber criminals attack me?2025-05-14T01:03:14+01:00

Every business it at risk of a cyber-attack. Cyber criminals will regularly send out completely random attacks such as a phishing email for example, all it takes is one click and your business may be at risk from compromise.

ISO 27001 FAQs

What are the benefits of ISO 27001 certification?2025-05-14T00:56:20+01:00

ISO 27001 is an internationally recognised standard that when implemented correctly provides assurance of your commitment to protect your business information. You can read more about the benefits of implementing ISO 27001 on our ISO 27001 Implementation Service page.

Is ISO 27001 only suitable for large organisations?2025-05-14T00:56:20+01:00

ISO 27001 can be implemented into organisations of any size, ranging from micro businesses to global enterprises. The standard is flexible to allow for the controls to be applied in a way that is relevant to you.

How long does it take to achieve ISO 27001 certification?2025-05-14T00:56:20+01:00

How long it takes to achieve ISO 27001 certification very much depends on factors such as the complexity of processes, and how quickly you want to achieve certification. We have carried out implementations from anywhere between 3 months to 2 years.

What is the difference between ISO 27001 and Cyber Essentials?2025-05-14T00:56:20+01:00

Both certifications have merit in their own right and also co-exist very nicely together. But fundamentally, they are very different. Think of Cyber Essentials as having an MOT done on your car – there are a list of criteria that you must comply with to gain certification. ISO 27001 is a little different. More like when you go to buy a new car; there are certain things the car must have, (such as lights, brakes and a steering wheel) and then there are options that you get to choose which you have (heated seats, sunroof, colour etc). You can find out more about the differences between ISO 27001 and Cyber Essentials in our dedicated blog.

Cyber Essentials FAQs

What are the benefits of Cyber Essentials certification?2025-05-14T00:56:20+01:00

By having Cyber Essentials certification, you will be more protected against the most common security threats. It helps build trust with customers by demonstrating that cyber security is important in your organisation. All certified organisations are listed on the NCSC’s certification database. It also strengthens your supply chain. Finally, having Cyber Essentials will also allow you the opportunity to bid for UK Government and MOD tenders. You can read more about Cyber Essentials on our Cyber Essentials Certification Services page.

What is the difference between Cyber Essentials and Cyber Essentials Plus?2025-05-14T00:56:20+01:00

Cyber Essentials is a verified self-assessment certification that demonstrates an organisation has the required cyber security controls in place. Cyber Essentials Plus is based on the same technical requirements as Cyber Essentials, but it also includes a technical audit of your IT systems, to verify the controls are in place. This gives a higher level of assurance that an organisation has correctly implemented the controls. You can read more about the difference between Cyber Essentials and Cyber Essentials Plus on our Cyber Essentials Certification Services page.

What if we need some guidance with Cyber Essentials?2025-05-14T00:56:20+01:00

Shift Key Cyber are an Assured Service Provider for NCSC. The Cyber Advisors (Cyber Essentials) scheme is specifically aimed to help UK small and medium organisations by offering reliable and cost-effective cyber security advice, and where required, practical hands-on support to help guide businesses through the Cyber Essentials process and certification. You can find out more about our Cyber Advisor Service on our dedicated page.

How much does Cyber Essentials cost?2025-05-14T00:56:20+01:00

Cyber Essentials follows a tiered pricing structure depending on the size of your business. It is a verified self-assessment process which follows the pricing structure shown in the table below.

Business Size Cost

Micro organisations (0-9 Employees)

£320 + VAT

Small organisations (10-49 Employees)

£440 + VAT

Medium Organisations (50-249 Employees)

£500 + VAT
Large Organisations (250+ Employees) £600 + VAT
How much does Cyber Essentials Plus cost?2025-05-14T00:56:20+01:00

This depends on the size and complexity of your network. Please contact us for advice and further information and a quote.

What is the difference between ISO 27001 and Cyber Essentials?2025-05-14T00:56:20+01:00

Both certifications have merit in their own right and also co-exist very nicely together. But fundamentally, they are very different. Think of Cyber Essentials as having an MOT done on your car – there are a list of criteria that you must comply with to gain certification. ISO 27001 is a little different. More like when you go to buy a new car; there are certain things the car must have, (such as lights, brakes and a steering wheel) and then there are options that you get to choose which you have (heated seats, sunroof, colour etc). You can find out more about the differences between ISO 27001 and Cyber Essentials in our dedicated blog.

Virtual CISO as a Service FAQs

What is a vCISO?2025-05-14T00:58:50+01:00

A virtual Chief Information Security Officer provides oversight and strategic leadership in information and cyber security. Our service gives your organisation access to security expertise from a trusted advisor who will work with your team to provide strategic risk management and assurance activities across people, process, and technology.

How can a vCISO help my business?2025-05-14T00:59:02+01:00

In our experience, small and medium organisations do not always have the requirement for a full time CISO but still require strategic leadership across the business to advise on risk and oversee governance and regulatory compliance in relation to information and cyber security.

A vCISO can optimise security plans and move from a tactical position to a more strategic one.

Will I get one dedicated consultant?2025-05-14T00:59:07+01:00

Yes, you will have an experienced consultant working with you throughout our time together, offering their extensive expertise and capability.

How much does vCISO as a Service cost?2025-05-14T00:59:13+01:00

At our initial discussion we will establish your requirements and then agree a subscription model that will be tailored to your needs. This flexible and cost-effective approach is unique to the specific needs and goals of your organisation and budget.

How long will I need this service?2025-05-14T01:00:01+01:00

Our service is flexible and will be based on our understanding of your business and your requirements. We have customers that have the service for an ongoing number of days per month or for the duration of a project. It can be scaled too if your business grows.

Security Manager as a Service FAQs

How can Security Manager as a Service help my business?2025-05-14T00:59:32+01:00

You may not have the requirement to have a full-time Security Manager in place. Our service gives you the flexibility and access to a dedicated and experienced consultant to help manage information and cyber risk across your organisation whilst providing governance and regulatory assurance.

Will I get a dedicated consultant?2025-05-14T00:59:36+01:00

Yes, you will have a dedicated and experienced consultant with up-to-date knowledge of the latest standards, regulations, and technologies.

How much does Security Manager as a Service cost?2025-05-14T00:59:42+01:00

At our initial discussion we will establish your requirements and then agree a subscription model that will be tailored to your needs. This flexible and cost-effective approach is unique to the specific needs and goals of your organisation and budget.

How long will I need this service?2025-05-14T01:00:01+01:00

Our service is flexible and will be based on our understanding of your business and your requirements. We have customers that have the service for an ongoing number of days per month or for the duration of a project. It can be scaled too if your business grows.

Did you know?

0%
of UK businesses have identified cyber attacks
0%
of attacks against UK businesses are phishing attacks
0%
of UK businesses have acted to identify cyber security risks
Go to Top