A detailed, side-by-side comparison to help you decide which UK government-backed certification is right for your organisation.
Both certifications protect against the most common cyber attacks, but they differ in cost, assessment method, and level of assurance. Read on to find the best fit for your business.
| Feature | CE Basic | CE Plus |
|---|---|---|
| Assessment Type | Self-assessment questionnaire | Hands-on technical testing |
| Price (Micro 0-9) | £320 | £1,200 |
| Price (Small 10-49) | £440 | £1,350 |
| Price (Medium 50-249) | £500 | £1,700 |
| Price (Large 250+) | £600 | £2,100 |
| Fast Track | 12 hours | N/A |
| Standard Delivery | 48 hours | 3-5 days |
| Testing Method | Self-assessed | Qualified technical assessor |
| Scope | Policy & process review | Active security testing |
| Includes Retries | Unlimited | Unlimited |
| Certificate Duration | 12 months | 12 months |
| Cyber Insurance | £25,000 indemnity | £25,000 indemnity |
Assessment Type
CE Basic
Self-assessment questionnaire
CE Plus
Hands-on technical testing
Price (Micro 0-9)
CE Basic
£320
CE Plus
£1,200
Price (Small 10-49)
CE Basic
£440
CE Plus
£1,350
Price (Medium 50-249)
CE Basic
£500
CE Plus
£1,700
Price (Large 250+)
CE Basic
£600
CE Plus
£2,100
Fast Track
CE Basic
12 hours
CE Plus
N/A
Standard Delivery
CE Basic
48 hours
CE Plus
3-5 days
Testing Method
CE Basic
Self-assessed
CE Plus
Qualified technical assessor
Scope
CE Basic
Policy & process review
CE Plus
Active security testing
Includes Retries
CE Basic
Unlimited
CE Plus
Unlimited
Certificate Duration
CE Basic
12 months
CE Plus
12 months
Cyber Insurance
CE Basic
£25,000 indemnity
CE Plus
£25,000 indemnity
Use these guidelines to pick the certification level that matches your business requirements.
Need both? Save with our CE Bundle
Combine CE Basic + CE Plus into a single, streamlined package at a reduced price.
Understand the practical implications of each certification level.
CE Basic uses a self-assessment questionnaire reviewed by an accredited body. CE Plus adds hands-on technical testing -- vulnerability scans, configuration reviews, and simulated phishing -- carried out by a qualified technical assessor.
CE Basic can be completed in as little as 12 hours (Fast Track) or 48 hours (Standard). CE Plus requires 3-5 days to allow for scheduling and conducting the technical assessment.
CE Basic confirms you have appropriate security policies and processes in place. CE Plus independently verifies those controls are implemented correctly and actually prevent real-world attacks.
Common questions about the differences between Cyber Essentials and Cyber Essentials Plus.
Cyber Essentials (Basic) is a self-assessment questionnaire where your organisation answers questions about its security controls. Cyber Essentials Plus includes all of that plus hands-on technical testing by a qualified technical assessor who actively verifies your defences through vulnerability scanning, configuration checks, and simulated attacks.
Yes. Cyber Essentials Plus builds on top of Cyber Essentials Basic. You must hold a valid Cyber Essentials (Basic) certificate before you can proceed to the Plus assessment. Net Sec Group offers a CE Bundle that combines both certifications into one streamlined process.
Cyber Essentials Basic is the minimum requirement for bidding on UK government contracts that involve handling certain sensitive information. However, some contracts specify Cyber Essentials Plus, particularly those dealing with personal data or critical national infrastructure. Always check the specific contract requirements.
Cyber Essentials Basic can be completed in as little as 12 hours with our Fast Track service, or 48 hours with Standard delivery. Cyber Essentials Plus typically takes 3-5 days as it involves on-site or remote technical testing by a qualified technical assessor.
Yes. Net Sec Group offers a CE Bundle option that combines both certifications into a single, cost-effective package. The bundle streamlines the process so you move from Basic straight into the Plus assessment without delay. Visit our CE Bundle Options page for pricing details.
Both Cyber Essentials Basic and Cyber Essentials Plus include unlimited retries at no additional cost when you certify with Net Sec Group. If gaps are identified, our assessors provide clear guidance on what needs to be fixed so you can re-submit or re-test and achieve certification.
Cyber Essentials Plus provides independent, hands-on verification that your security controls actually work in practice - not just on paper. It is strongly recommended if you handle sensitive customer data, operate in a regulated industry, or want to demonstrate a higher level of assurance to clients and partners. Many organisations find the additional confidence and competitive advantage well worth the investment.
Cyber Essentials Basic is a self-assessment: your organisation completes the questionnaire, which is then reviewed by an IASME-accredited certification body such as Net Sec Group. Cyber Essentials Plus is assessed by a qualified technical assessor who carries out hands-on testing of your systems, devices, and configurations.
Cyber Essentials Basic starts from £320 for micro organisations (0-9 employees) and scales based on organisation size. Cyber Essentials Plus starts from £1,200 for micro organisations. Bundle pricing is available when you purchase both certifications together. Visit our pricing pages for exact quotes based on your organisation size.
Both Cyber Essentials Basic and Cyber Essentials Plus certificates are valid for 12 months from the date of issue. After that, you must renew your certification to maintain compliance. Net Sec Group offers a streamlined renewal process to make annual re-certification as smooth as possible.
Choose your certification level and get started today. Our IASME-accredited team is ready to guide you through every step.
Not sure which one you need? Speak to our team.
Contact us for free advice