ALL SYSTEMS LOOKED AFTER · LEICESTER HQ MON–FRI 08:00–17:30 LEICESTER --:--:-- SUPPORT 0116 222 5322
Cyber Security

Cyber Essentials: a plain-English guide for Leicester businesses

18 June 2026 · 6 min read

More and more Leicester businesses are being asked a pointed question by their insurers, their customers and the contracts they bid for: are you Cyber Essentials certified? If you are not sure what that means, or whether you even need it, this guide explains it in plain English.

Cyber Essentials is a simple, government-backed way to show your business has the basic protections in place to stop the most common cyber attacks. Here is what it covers, why it increasingly matters, and how to get certified without it taking over your week.

What is Cyber Essentials?

Cyber Essentials is a UK government-backed certification scheme, run by the National Cyber Security Centre (NCSC) and delivered through IASME. It sets out five basic technical controls that, between them, protect against around 80% of common internet-based attacks. Think of it as the security equivalent of locking your doors and windows. It is not the whole answer, but it stops most opportunists.

Why it matters more than it used to

A few years ago Cyber Essentials was a nice-to-have. Today it is often a requirement:

  • Cyber insurance. Many insurers now expect it before they will quote, or they offer better terms when you have it. Some bundle a level of cover with certification.
  • Winning work. If you bid for public sector contracts, Cyber Essentials is frequently mandatory. Private clients increasingly ask for it too, as part of checking their supply chain.
  • Real protection. The controls genuinely lower your risk. Most attacks on small businesses are automated and opportunistic, and these basics shut the door on them.

The five controls

Certification is built around five areas. None of them are exotic, but all of them need doing properly and keeping up:

  • Firewalls. A secure boundary between your network and the internet, configured correctly rather than left on the defaults.
  • Secure configuration. Devices and software set up to remove unnecessary features, default passwords and anything that widens your attack surface.
  • User access control. People only have access to what they need, admin rights are limited, and accounts are protected with multi-factor authentication on the things that matter.
  • Malware protection. Anti-malware in place and active across your devices.
  • Security update management. Operating systems and software kept patched and up to date, with anything out of support removed.

Cyber Essentials vs Cyber Essentials Plus

There are two levels.

Cyber Essentials is a verified self-assessment. You answer a set of questions about how your systems are set up, and your answers are reviewed and certified. It is the right starting point for most businesses.

Cyber Essentials Plus covers the same five controls, but an assessor independently tests your systems to confirm those controls are actually working. It carries more weight, and some contracts ask for it specifically. The usual route is to achieve Cyber Essentials first, then step up to Plus.

How long does it take, and what does it cost?

For a well-run small business, certification can often be achieved in a few weeks, most of which is spent tidying up configuration rather than filling in forms. The certification fee itself is modest and is tiered by the size of your organisation. The bigger variable is the work needed to meet the controls in the first place, which is exactly where the right support pays for itself.

How we help Leicester businesses get certified

Getting certified is far easier when someone who knows the scheme does the heavy lifting. We start with a gap analysis to see where you stand against the five controls, fix anything that falls short as part of your cyber security support, then guide you through the assessment itself. Because we already handle the patching, access control and backup for the businesses we look after, most of the groundwork is something we do day to day anyway.

The result is certification that is genuine rather than a paper exercise, and that keeps standing up year after year when you renew.

Where to start

If your insurer or a customer has asked whether you are certified, or you simply want the reassurance that the basics are covered, the first step is a quick look at where you are now. We can run that gap analysis and tell you honestly how far off you are and what it would take to close the gap.

Related services

How we can help

Cyber Security

Layered IT security: endpoints, email, identity and staff awareness.

Backup & Disaster Recovery

Automated, verified data backup with a tested recovery plan behind it.

← Back to all articles

Get in touch

Ready for IT support that feels like a partner, not a supplier?

Send us a message and we'll be in touch, or call the team. We'll listen to what's frustrating you, take an honest look at your setup, and tell you exactly how we'd make it better. No obligation, no jargon.

0116 222 5322MON–FRI 08:00–17:30 info@realtimeits.co.ukWE REPLY FAST
3 St. Matthews Business CentreGOWER ST, LEICESTER LE1 3LJ

Send us a message

By submitting, you agree to our Privacy Policy.