Lesson 1.1 — What is Cyber Essentials?
This lesson introduces learners to the Cyber Essentials scheme — what it is, why it exists, who created it, and what it is actually asking organisations to do.
What You'll Be Able to Do
By the end of this lesson, you will be able to:
- explain what Cyber Essentials is
- explain why it was created
- say who governs it
- describe what it means for an organisation to be certified.
Why This Matters
This lesson provides the foundation needed before any technical or practical lesson makes sense.
The Core Rule
Cyber Essentials is a UK government-backed scheme that checks whether an organisation has the basic cybersecurity controls in place to defend against common online attacks.
It covers five areas: firewalls, secure configuration, user access control, malware protection and security update management.
Why Cyber Essentials was created
The UK government, working with industry, identified that a large proportion of successful cyberattacks exploited basic, preventable weaknesses.
Attackers do not usually break through advanced defences first. They look for easy targets — organisations with default passwords still in place, outdated software, unrestricted administrator access, or no malware protection. They probe for open ports, unpatched systems and weak credentials.
Who the scheme is for
Cyber Essentials is relevant to any organisation that uses IT systems to conduct business — which, in practice, means almost every organisation in the UK.
It is particularly significant for:
What the scheme actually does
Cyber Essentials asks an organisation to assess its IT environment against five technical control areas.
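Those five control areas are:
- firewalls
- secure configuration
- user access control
- malware protection
- security update management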
Copy This
Work through the workbook activity for this lesson. Each question maps directly to the CE questionnaire.
Quick Checklist
Before moving on, make sure you can answer these:
- [ ] Which organisation owns the Cyber Essentials scheme?
- [ ] What does Cyber Essentials Basic require an organisation to do?
- [ ] How long is a Cyber Essentials certificate valid?
- [ ] Which of the following is one of the five Cyber Essentials control areas?
- [ ] For which type of organisation is Cyber Essentials mandatory?
Your Action
Do this now — it takes 10–20 minutes.
Download the Cyber Essentials Requirements for IT Infrastructure v3.3 from ncsc.gov.uk and save it somewhere you can find it throughout this course.
Key Takeaway
This course will walk you through the scheme step by step, from understanding what needs to be in scope to preparing your final answers and evidence.
Your Workbook Activity
Complete: Course orientation and commitment record
Next Lesson
In the next lesson: The five controls