Cyber Essentials Costs and Timeline: Planning Your Certification
Understanding the costs and timeline for Cyber Essentials certification helps you plan effectively. This guide covers what to budget and what to expect for both Basic and Plus certifications.
Key Takeaways
| Point | Summary |
|---|---|
| Basic cost | £300-500 + VAT (certification fee only) |
| Plus cost | £1,500-5,000+ depending on scope (includes Basic) |
| Timeline | Varies significantly based on your current readiness |
| Hidden costs | Staff time, gap remediation, new tools if needed |
| Managed services value | Expert help can reduce total cost by avoiding rework and delays |
Quick Answer: Cyber Essentials Basic costs £300-500. Plus costs £1,500-5,000+ depending on scope. Budget for remediation costs if you have gaps to fix. Timeline depends on your current security posture.
Cost overview
Direct costs
| Cost Type | What It Covers |
|---|---|
| Certification fee | Paid to certification body |
| Plus audit fee | Additional for Plus certification |
| Re-assessment fees | If initial assessment fails |
Indirect costs
| Cost Type | What It Covers |
|---|---|
| Staff time | Preparation and coordination |
| Gap remediation | Fixing identified issues |
| New tools | Software or hardware if needed |
| External support | Consultancy if used |
| Ongoing maintenance | Maintaining compliance year-round |
Cyber Essentials Basic costs
Certification fee
| Factor | Typical Range |
|---|---|
| Standard price | £300-500 + VAT |
| Micro business | Sometimes discounted |
| Large scope | Usually same price |
| Re-assessment | £150-300 (if failed) |
Indirect costs to consider
| Cost Type | Notes |
|---|---|
| Staff time (preparation) | Varies by readiness |
| Documentation | Usually internal time |
| Gap remediation | Could be £0-5,000+ depending on current state |
| Technical changes | Depends on what's needed |
| Policy development | If not already in place |
Cyber Essentials Plus costs
Certification fees
| Component | Typical Range |
|---|---|
| Basic certification | £300-500 + VAT |
| Plus audit (small org) | £1,200-2,000 |
| Plus audit (medium org) | £2,000-3,500 |
| Plus audit (large org) | £3,500-10,000+ |
Factors affecting Plus cost
| Factor | Impact |
|---|---|
| Number of devices | More devices = higher cost |
| Number of locations | Multiple sites increase complexity |
| Scope complexity | Cloud, remote workers, etc. |
| Audit method | Remote usually cheaper than on-site |
| Certification body | Prices vary between CBs |
What affects timeline?
The most significant factor in your timeline is your current security posture. Organisations with mature security practices can move through the process quickly; those starting from scratch will need more time.
Factors that influence timeline
| Factor | Impact |
|---|---|
| Current compliance level | Already compliant = faster |
| Remediation needed | More gaps = more time |
| Internal resources | Dedicated team = faster |
| Decision-making speed | Quick approvals = faster |
| CB responsiveness | Varies between providers |
Typical scenarios
Already well-prepared:
- Controls largely in place
- Documentation exists
- Minor adjustments needed
- Can move through process quickly
Moderate preparation needed:
- Some controls in place
- Some gaps to address
- Documentation needs updating
- Moderate timeline
Starting from scratch:
- Few controls implemented
- Significant remediation needed
- Documentation to create
- Longer timeline required
The value of getting it right the first time
Cost of getting it wrong
| Issue | Cost Impact |
|---|---|
| Failed Basic assessment | £150-300 re-assessment fee + delay |
| Failed Plus audit | £500-1,500+ re-audit fee + delay |
| Incorrect scope | May need to restart |
| Incomplete remediation | Delays and rework |
| Last-minute fixes | Premium rates, stress |
Benefits of expert support
Working with experienced partners can reduce total cost by:
- Avoiding rework: Getting controls implemented correctly the first time
- Reducing delays: Knowing what certification bodies look for
- Preventing failures: Pre-audit checks that catch issues early
- Freeing your team: Bringing additional hands to do the work
- Ensuring quality: Professional implementation that won't need fixing
Budget planning
Minimum budget (already compliant)
| Component | Estimate |
|---|---|
| Basic certification | £300-500 |
| Plus certification | £1,500-3,000 |
| Internal time | Minimal |
| Total Basic | ~£500 |
| Total Plus | ~£2,500 |
Realistic budget (some gaps)
| Component | Estimate |
|---|---|
| Basic certification | £300-500 |
| Plus certification | £2,000-4,000 |
| Gap remediation | £1,000-5,000 |
| Internal time | Moderate |
| Total Basic | ~£2,000-5,000 |
| Total Plus | ~£5,000-10,000 |
Comprehensive budget (significant work needed)
| Component | Estimate |
|---|---|
| Basic certification | £300-500 |
| Plus certification | £3,000-5,000 |
| Gap remediation | £5,000-15,000+ |
| New tools/software | £0-5,000 |
| External support | £2,000-10,000 |
| Total Basic | ~£5,000-15,000 |
| Total Plus | ~£10,000-30,000+ |
Planning for recertification
Annual costs
| Component | Estimate |
|---|---|
| Basic recertification | £300-500 |
| Plus recertification | £1,500-3,000+ |
| Ongoing maintenance | Staff time |
| Any remediation | Varies |
Tips for cost-effective recertification
- Maintain controls year-round (less catch-up)
- Document changes as they happen
- Regular internal reviews
- Plan ahead (book CB early)
- Address issues promptly
Getting started
Recommended approach
Step 1: Assess your current state
- How compliant are you today?
- What gaps exist?
- What resources do you have?
Step 2: Plan your approach
- Self-managed or expert support?
- Timeline requirements?
- Budget available?
Step 3: Budget realistically
- Include remediation costs
- Plan for contingencies
- Consider ongoing costs
Step 4: Execute efficiently
- Focus on getting it right
- Avoid shortcuts that cause rework
- Maintain momentum
How Bastion can help
Certification costs are only part of the picture. The real cost includes your team's time, potential delays, and the risk of getting things wrong.
| Challenge | How We Help |
|---|---|
| Cost estimation | We help you budget accurately for your situation |
| Efficient implementation | We bring additional hands to do the work right the first time |
| Avoiding rework | We know what certification bodies look for |
| Timeline management | We keep the process moving efficiently |
| Ongoing compliance | We help maintain certification cost-effectively |
Working with a managed service partner can actually reduce your total cost by avoiding the iterations and rework that come from learning the process through trial and error. We've done this many times, and that experience translates into a more efficient path to certification.
Ready to plan your certification? Talk to our team