Cyber Essentials Security Review & Gap Assessment

Cyber Essentials – Is your business protected?

What is Cyber Essentials?

Cyber Essentials is a Government-backed and industry supported scheme that is part of the UK’s National Cyber Security Programme. The main objective of Cyber Essentials is to ensure that organisations have effectively implemented the controls required by the Scheme, in order to defend against the most common and unsophisticated forms of cyber attacks.

The scheme provides organisations with:

Clear guidance on what good cyber security looks like
An Assessment to test whether your organisation has the five key controls in place, that, when implemented correctly, can prevent around 80% of cyber-attacks
Granting the certification if the Assessment is passed

There are two levels of certification that can be achieved:

Cyber Essentials requires the organisation, with help from a practitioner, to complete a self-assessment questionnaire, with responses independently reviewed by an external certifying body.

Cyber Essentials Plus covers the same requirements as Cyber Essentials but tests of the systems are carried out by an external certifying body, using a range of tools and techniques.

why your business needs cyber essentials

UK businesses are failing basic security measures

According to the annual Cyber Security Breaches Survey, conducted by the Department for Digital, Culture, Media and Sport to assess the security awareness and preparedness of businesses in the UK, it found that many UK companies are not following the basic security steps laid out as part of the Cyber Essentials scheme. For this reason, these businesses are not adequately equipped to pass the Cyber Essentials certification.


Cyber Essentials protects your business from the 65,000+ annual cyber attacks

It ensures basic cyber hygiene and keeps your business secure
It increases credibility, and reassures your clients, staff, and other stakeholders that your organisation has implemented the most important basic cyber security controls, and that their data is correctly protected
Cyber Essentials certification is a mandatory requirement to work with the UK government. Cyber Essentials Plus will give you the opportunity to work with the MoD. Organisations who wish to provide goods and services to the public sector will therefore need Cyber Essentials accreditation
Cyber Essentials helps organisations protect sensitive data by ensuring they implement solid security measures, which by default helps with GDPR compliance
Cyber insurance agencies look more favourably on organisations that have achieved Cyber Essentials certification, and many of them will offer you a discount on your cyber insurance premiums
Cyber Essentials offers organisations protection against the catastrophic financial implications of cyber attacks. Data breaches can cost SMEs £50-£150k and larger organisations can cost upwards of £500k

Why do you need a GAP Analysis before taking the Cyber Essentials Assessment?

1. Self-assessment is not the best route

It is possible to adopt a self-assessment route, which might be fine for some businesses – for example, smaller businesses with an in-house IT team. However, the questions are technical in nature, and for the majority of organisations the self-assessment route is not the best route. Cyber Essentials documents are free to download and any organisation can use the guidance to implement essential security controls, but the majority of organisations need to gain independent assurance that they have fully deployed the controls and are compliant.

2. Avoid costly repercussions of short-sighted advice

Some organisations will simply not be able to achieve Cyber Essentials without additional investment in hardware and software – which is why organisations will benefit from a GAP analysis delivered by experienced professionals., who are able to offer insightful, cost-effective, practical advice and solutions to achieve the certification.

3. Avoid failing the Assessment

The real benefit of a GAP analysis is that your provider should work with you until you are ready to be certified. ESyn3rgy’s approach ensures that you only need to go through the process once.

4. The GAP analysis offers exceedingly valuable insight, at no extra cost

ESyn3rgy will work with your organisation to deliver detailed security guidance whilst preparing your staff through education and awareness to meet the standard and the certification. The GAP analysis addresses the 5 recommended mitigation strategies and controls, and helps to identify Gaps in your existing security approach. This ultimately will improve cyber security standards across your organisation, with free, detailed reporting across non-compliance, remediation and guidance.


Why we are positioned to help

ESyn3rgy specialises in strategic technology planning. We deliver independent advice, robust systems thinking and interdisciplinary expertise in support of our mission: we are here to help you choose the right initiatives so that your technology is always enabling your business goals. Established since 2011, we are based in the UK and offer decades of industry experience working within the Public Sector amongst key Government Departments.

We have successfully implemented and continue to support what would be considered to be the most critical of systems – the infrastructure of one of the UK major blue light services. We are trusted by our Government Departments to manage and secure sensitive IT and infrastructure systems, including those classified as highly critical.

Cyber Security is a specialised field, requiring thorough knowledge of all prevailing and emerging security technologies. It also requires a clear understanding of the current threat landscape and the latest defence best-practice. Our Cyber Security team comprising of CISSP and CISM certified professionals, is trusted by the businesses and organisations we serve, to assist in navigating the myriad of options available, aligned to budget and need.

How we will help you pass and achieve certification

ESyn3rgy’s fully-trained Cyber Essentials consultants will help you with preparation before your Cyber Essentials assessment

Our team is able to run through and offer guidance on the questionnaire, and conduct an assessment of your controls to make sure you are compliant. The result will help you to understand what you may need to do before applying for your certification, and of course, assistance with helping you get there as quickly as possible. We manage the complete process including re-certification annually.

Achievement of Cyber Essentials is via a 5-stage process with ESyn3rgy, which provides support throughout

1. Gap Analysis

We provide a full, on-site, Gap Analysis comparing the organisation’s “as is” position against that required for compliance with the Cyber Essentials framework, taking into account context/scope. We work with you through the entire standard, explaining exactly what is required in each area and identifying any gaps in your existing processes, procedures or technologies.

2. Report & Action Plan

Following the Gap Analysis, we produce a report and fully costed action plan, identifying good practice and areas of improvement, to help you understand what you need to do before applying for certification.

As part of this consultation service you will receive:

  • Assessment of financial, reputational and regulatory risk of potential exposure to data loss
  • Risk comparison with peer organisations of similar operation and scale
  • Risk assessment and profile of key third parties
  • Alignment with best practice and protection against known threats
  • Protection against emerging threats such as social networks, crime-ware and advanced persistent threats
  • Exposure to regulations such as the Data Protection Act, by taking a data-centric approach; analysing data flows, repositories, people, process and third parties to ensure that your security programme has a solid grounding
  • External vulnerability scan

3. Implementation

Depending on your organisation’s ability to resource corrective actions, ESyn3rgy can act as a lead for the in-house corrective action, or we can take a more hands-on approach and work with the organisation to implement and document the corrective action.
The majority of changes required are likely to be system administration or minor modifications. In some cases, there may be a requirement for additional or replacement hardware and software. This approach will ultimately protect your organisation, as you will be aware of any investment needed at this stage, rather than paying for a certification programme up front that you cannot achieve without the additional investment.

4. Testing

With all the actions completed and the standards of the Cyber Essentials framework met, we will run a ‘dummy’ assessment for you and re-run the external vulnerability scan.

5. Completion of the Cyber Essentials Assessment and Submission to the Assessment Body

ESyn3rgy will sign off the questionnaire and will facilitate submission to the assessment body. (Note that ESyn3rgy is not able to provide the accreditation but we are able to provide the pre-assessment consultancy)

Set up a Gap Analysis for your organisation

ESyn3rgy is offering a 2024 Cyber Essentials Gap Analysis, to ensure your organisation passes and achieves the certification


Suki Gherra

Contact Sales

Tell us about you and your organisation.

How can we help?

How can we help?

Contact our Sales and Support Teams, or connect with our key people on social media to listen to and join the conversations we're having about crucial factors influencing your role within I.T.

Email Support

Call Support

+44 (0) 1604 807 020

Our Support is available 24/7/365.

Email Sales


Call Sales

+44(0) 203 598 4007

Sales Business Hours are Monday to Friday, 08h00 - 17h00.