top of page

NCSC launches Funded Cyber Essentials Programme

Small organisations from specific sectors in the UK are invited to take part in the Funded Cyber Essentials Programme.


The NCSC is helping organisations in sectors most at risk to implement baseline security controls and prevent the most common types of cyber attacks using the Funded Cyber Essentials Programme.


Some sectors are at greater risk of cyber attack than others, perhaps because of sensitive information they deal with, or because they're seen as an ‘easy target’ for cyber criminals. The NCSC’s focus is on supporting small organisations that have a low level of cyber maturity, and work with data that is sensitive and would have significant impact if disrupted. The programme will offer Cyber Essentials Plus to specific sectors that are at high risk of cyber attack, at no cost.


Who can apply? To qualify for this scheme, the organisation must either be:

  • a micro or small business (1 to 49 employees) that offers legal-aid services

  • a micro or small charity that processes personal data, as defined under GDPR

How does it work? The Funded Cyber Essentials Programme will seek to help UK organisations meet the five technical controls of  Cyber Essentials – firewalls, secure settings, access controls, malware and software updates – by identifying and implementing improvements that are right for the size and needs of the organisation.

Organisations that meet the criteria and that are eligible for the programme will receive hands-on support from a Certifying Body (CB) at no cost, although please note that the NCSC and IASME (our Cyber Essentials partner) won't provide any additional software or hardware that the assessor identifies is required to achieve Cyber Essentials.

Qualifying organisations will receive around 20 hours of remote support with a Cyber Essentials Assessor. This time will be used to support an organisation to implement the five technical controls of Cyber Essentials, followed by a hands-on technical verification that the controls have been put in place. Working with IASME, organisations will then receive a set amount of hands-on support from a cyber security expert to review technical controls and make configuration changes to the organisation’s systems if required.

Even if it's not possible to achieve Cyber Essentials Plus, the assessor will help the organisation implement as many of the technical controls as possible and give a clear list of the additional actions they need to take to be compliant. Those taking part in this scheme don't need Cyber Essentials certification, as the programme is designed to lead an organisation through the technical controls required to achieve certification. But a Cyber Essentials assessment will need to be completed before assessing for Plus.

Under the new scheme, eligible organisations that sign up will receive support from one of IASME’s network of NCSC-assured certification bodies. The Certification Bodies will deliver the Funded Cyber Essentials Programme on behalf of the NCSC, and all assessors must go through training and pass the relevant assessments and exams before working on the programme.

For more information on the Funded Cyber Essentials Programme, or to register your interest, please visit the IASME website. 

Comments


NPCC
TVP Logo
Hampshire Police Logo
SEROCU logo
Surrey Police Logo
Sussex Police Logo
Cyber Essentials Logo
Cyber Essentials Plus Logo

The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of the South East Cyber Resilience Centre is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others.  Articles on the website cannot by their nature be comprehensive and may not reflect the most recent legislation, practice, or application to your circumstances. The South East Cyber Resilience Centre provides affordable services and Cyber Essential Partners if you need specific support. For specific questions please contact us at enquiries@secrc.police.uk.  The South East Cyber Resilience Centre does not accept any responsibility for any loss that may arise from reliance on information or materials published on this website.  It is not responsible for the content of external internet sites that link to this site or which are linked from it.

© 2022 - 2025 The South East Cyber Resilience Centre

Registered in England & Wales, No. 13263448 

TM

  • Facebook for South East Cyber Resilience Centre
  • LinkedIn for South East Cyber Resilience Centre
  • X for the South East Cyber Resilience Centre
  • Youtube for South East Cyber Resilience Centre
  • Instagram for South East Cyber Resilience Centre
  • RSS feed for South East Cyber Resilience Centre
  • Threads
bottom of page