Does my Business need Cyber Essentials Certification for Government Contracts?

A UK Government-backed scheme, Cyber Essentials helps organisations to protect themselves against common cyber threats.

By achieving Cyber Essentials your company demonstrates that they have considered and committed to increasing their defences against common cyber threats and reduce their vulnerabilities to an accredited government standard.

For certain businesses, Cyber Essentials is a mandatory requirement to secure contracts, we consider the conditions under which certification is necessary.

Does my Business need Cyber Essentials Certification for Government contracts?

Cyber Essentials is mandatory for businesses looking for specific government contracts.

Without Cyber Essentials, you will not be able to bid for such contracts. Often these contracts will involve delivering certain IT products and services and the handling of personal information.

Government contracts where your business will be required to:

  • Deliver IT services or products that are designed to process, transfer or store data at an official level.

  • Handle the personal information of any UK citizens; i.e. home addresses or bank details.

  • Handling any government employee personal information, ministers, or advisors; i.e. expenses or payroll.

  • Cyber Essentials certification has been mandated for businesses entering into contracts, forcing you to show you demonstrate you have achieved the set standards and can demonstrate that you have met the technical requirements - defined by the scheme.

If you’re looking to bid for government contracts that involve one of the characteristics mentioned above, it makes sense to consider achieving Cyber Essentials certification first and not waiting until the final hour to make your application.

The Ministry Of Defence requires that your supply chain must have cyber essentials

Does my Business need Cyber Essentials Certification for Ministry of Defence Contracts contracts?

Further emphasis is placed on businesses being Cyber Essentials certified by the UK Ministry of Defence (MOD), they require all suppliers to comply with the Cyber Essentials scheme.

The MOD has stated that this requirement must flow into your supply chain, which mandates that both organisations directly conducting business with the MOD, and organisations delivering to the MOD supply chain must be Cyber Essentials certified. Otherwise, they cannot win MOD contracts for businesses going forward.

Why should you get Cyber Essentials?

There are 6 reasons to gain Cyber Essentials certification:

  1. Helps to prevent up to 80% of cyber attacks.

  2. Reassure your customers that you are working to secure your systems against cyber attack.

  3. Attract new business with the promise you have cybersecurity measures in place.

  4. You have a clear picture of your organisation's cybersecurity level.

  5. (As above) Various government contracts require the Cyber Essentials certification.

  6. Cyber Essentials certification includes automatic cyber liability insurance for any UK organisation that certifies their whole organisation and have less than £20m annual turnover.

How can I become Cyber Essentials certified?

Our Trusted Partners are official providers of Cyber Essentials and Cyber Essentials Plus certification. To request Cyber Essentials via our Trusted Partner network, click here.

Does Cyber Essentials certification have an expiry date?

All new certificates issued by our Trusted Partners will have a 12-month expiry date.

How much does the Cyber Essentials certification cost?

The cost of Cyber Essentials (verified self-assessment) is £300 + VAT. The cost of a Cyber Essentials Plus assessment will depend on the size and complexity of your network. Please contact our Trusted Partners with any questions, they will provide advice and guidance.

Do I need to have Cyber Essentials before getting Cyber Essentials Plus?

No, you can go for Cyber Essentials Plus without obtaining the first level of Cyber Essentials. Your Certification Body will work with you to complete the Cyber Essentials questionnaire and verify compliance as part of the process of achieving Cyber Essentials Plus.

The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of Cyber Resilience Centre for Greater Manchester (CRCGM) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others.  Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. CRCGM provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

CRCGM does not accept any responsibility for any loss which may arise from reliance on information or materials published on this website. CRCGM is not responsible for the content of external internet sites that link to this site or which are linked from it.


Cyber Resilience Centre GM, Manchester Technology Centre, Oxford Rd, Manchester, M1 7ED

0161 706 0940

Registered in England & Wales No.12309263.



  • LinkedIn
  • Twitter
Greater Manchester Logo Light.png

© 2021 - The Cyber Resilience Centre for Greater Manchester