Cyber Essentials Pricing

Readiness

Gap analysis, readiness review, action plan, 2-hour consultancy call

Typical duration: 1-2 working days

Essentials

Guidance on questionnaire, remediation support, pre-checks before submission, liaising with CB

Typical duration: 3-5 working days

Plus

Readiness review, remediation guidance, liaising with chosen CB, support through audit process

Typical duration: 8-10 working days

Pricing Notes – Important

Note: Phenomlab provides Cyber Essentials consulting only. Certification is carried out by accredited Certification Bodies (CBs). Our role is to guide, prepare, and support you through the process to maximise your chance of a first-time pass.

Readiness = The entry-level consulting service. Purely advisory, with no external fees.

Day 1 – Review of your IT setup against the five Cyber Essentials controls
Day 2 – Delivery of gap analysis report, action plan, and optional consultancy call

Essentials = We guide you through the process, prepare answers, and ensure you’re compliant before submitting. You then pay the official IASME fee separately.

Typical duration: 3–5 working days with consultancy support

Day 1-2 – Readiness check, remediation guidance
Day 3-5 – Complete self-assessment questionnaire, review, and submission to Certification Body

Notes: If your environment is already compliant, you can sometimes certify in as little as 1–2 days. If remediation is required (e.g., patching, MFA setup), this may extend the timeline.

Essentials Plus = We act as advisor, preparing you for the audit, helping with remediation, and coordinating with the Certification Body. You pay the CB directly for the audit.

Typical duration: 5–10 working days depending on availability of the independent auditor

Day 1-3 – Pre-audit readiness check and remediation support (Phenomlab consultancy role)
Day 4-7 – Independent Certification Body schedules and carries out the audit
Day 8-10 – Audit findings addressed, certificate issued

Notes: The audit scheduling is the main variable. Some SMEs complete Plus in a week; others may take 2–3 weeks if fixes are needed after the audit.

Which Cyber Essentials Plan Should You Choose?

Readiness – Best for startups & early-stage SMEs

  • You’re just starting your security journey

  • You want to know where you stand before paying for certification

  • You need quick, affordable insights without external audit costs

Choose this if you want a low-cost readiness check and clear action plan.

Cyber Essentials – Best for growing SMEs & suppliers

  • You need an official certificate recognised by customers & supply chains

  • You want to win contracts that require Cyber Essentials as a minimum

  • You’re ready to show clients you take cybersecurity seriously

Choose this if you want formal certification and a strong business advantage.

Cyber Essentials Plus – Best for scaling SMEs & regulated industries

  • You’re bidding for government or high-value contracts

  • You need independent validation of your cybersecurity

  • You want stronger trust signals for investors, customers, and partners

Choose this if you need maximum assurance and external validation of your defences.

Frequently Asked Questions

It depends on your current stage and requirements:

  • Readiness is ideal for startups or SMEs who want a readiness check without committing to full certification.

  • Cyber Essentials suits growing businesses that need an official certificate to win contracts and reassure customers.

  • Cyber Essentials Plus is best for SMEs in regulated sectors or those bidding for high-value contracts, where independent validation is required.

Yes. Readiness is optional. Many businesses go directly to certification. Readiness is designed as a low-cost step to help you avoid surprises.

Yes. You must achieve Cyber Essentials certification before applying for Cyber Essentials Plus.

Both Cyber Essentials and Cyber Essentials Plus are valid for 12 months. They must be renewed annually.

With Phenomlab’s preparation and readiness support, you’ll know what to fix before submission. If issues are found, you’ll get a window of time to remediate and resubmit.

Not for all businesses – but many government contracts and private sector supply chains now require it. Even if it’s not mandatory for you, it’s a valuable trust signal for customers and investors.

If you already have good IT security practices, you can often achieve Cyber Essentials within a few weeks. Cyber Essentials Plus takes longer due to scheduling the external audit.

Build Your Custom Plan

Not Seeing Exactly What You Need?

Your business is unique, and your plan should be too.
With our Build Your Own Plan option, you can tailor services across CISO, GRC, and Infrastructure to match your exact needs, budget, and priorities.

How It Works

  1. Select Your Services – Choose only the elements you need, from risk management to network security.

  2. Decide Your Engagement Level – Pick the number of hours or days per month, or go fully ad-hoc.

  3. Set Your Budget – We’ll shape your plan to give maximum value without overspend.

  4. Get a Personalised Proposal – We send a clear, no-obligation plan within 24 hours.

Perfect For

  • Businesses that don’t fit neatly into standard packages

  • Organisations with seasonal or project-based requirements

  • Teams who want to start small and scale over time

Your journey to stronger security starts here.

Select your ideal engagement model and take the first step toward a secure, compliant, and resilient business.

Take the 3-Question Audit

  • Quick. Easy. Insightful.

  • Discover your cybersecurity readiness in under a minute.

  • Get a clear snapshot of your security posture, no strings attached.

Get your free consultation

  • Personalized expert guidance tailored to your business.

  • Let’s discuss your unique cybersecurity and compliance needs.

  • Schedule a no-obligation call with our founder today.

Cyber Essentials Comparison

Cyber Essentials Light (Readiness)

  • Purpose: Informal gap analysis to prepare for certification
  • Official Certification: No
  • Assessment Method: Consultancy-led review & recommendations
  • Cost Level: Low (entry-level)
  • What You Get: Action plan; gap analysis; readiness report
  • External Validation: No
  • Supply Chain / Contract Readiness: Basic reassurance
  • Best For: Startups & SMEs exploring certification
  • Progression Path: Prepares you for Cyber Essentials

Cyber Essentials (Official)

  • Purpose: Government-backed self-assessment certification
  • Official Certification: Yes
  • Assessment Method: Self-assessment questionnaire
  • Cost Level: Moderate (affordable for SMEs)
  • What You Get: Cyber Essentials certificate valid for 12 months
  • External Validation: No
  • Supply Chain / Contract Readiness: Required by many UK contracts
  • Best For: SMEs needing formal certification
  • Progression Path: Can be upgraded to Plus

Cyber Essentials Plus (Audited)

  • Purpose: Full certification with independent audit
  • Official Certification: Yes
  • Assessment Method: Independent technical audit + testing
  • Cost Level: Higher (audit costs included)
  • What You Get: Cyber Essentials Plus certificate valid for 12 months
  • External Validation: Yes
  • Supply Chain / Contract Readiness: Required by government & high-trust contracts
  • Best For: SMEs scaling; handling sensitive data; or working in regulated supply chains
  • Progression Path: Highest assurance level