Cyber Essentials vs Cyber Essentials Plus: Which Do You Need?
Cyber Essentials is a self-assessment covering five technical controls. Cyber Essentials Plus adds independent verification through hands-on testing. Both are NCSC-backed. If you handle sensitive data or work with government, aim for Plus.
Key Facts
Cyber Essentials vs Plus: Comparison
What each level of certification involves and how they differ.
| Feature | Cyber Essentials (£300–£500) | CE Plus (£1,500–£5,000, recommended) |
|---|---|---|
| Self-assessment questionnaire | | |
| Independent technical testing | | |
| Vulnerability scanning | | |
| On-site assessment | | |
| Valid for government contracts | | |
| Stronger assurance for insurers | Basic | Strong |
| Typical completion time | 1–2 weeks | 2–4 weeks |
| Annual renewal required | | |
Costs vary by business size and assessor. CE Plus requires a current CE certificate.
When to Choose Each Level
Both certifications have their place — the right choice depends on your risk profile and requirements.
Choose Cyber Essentials if...
You want a quick, affordable baseline certification. Good for meeting basic government contract requirements and demonstrating commitment to security.
Choose Cyber Essentials Plus if...
You handle sensitive data, work in regulated sectors, need stronger assurance for clients and insurers, or want independent verification that your controls actually work.
Cost-Benefit Analysis
Cyber Essentials costs £300–£500 and provides immediate baseline certification. Cyber Essentials Plus costs £1,500–£5,000 but delivers significantly stronger assurance — many insurers offer premium reductions that offset the additional cost within the first year. For businesses handling sensitive data, the Plus certification pays for itself.
The AMVIA Recommendation
If you are achieving certification for the first time, start with Cyber Essentials. It is quicker, cheaper, and counts towards most government and insurance requirements. Upgrade to CE Plus when you tender for contracts involving sensitive data, or when your cyber insurer specifically requires independent verification. AMVIA supports both — often on a fixed-price basis.
Frequently Asked Questions
Only 14% of UK businesses formally review cyber risks from their immediate suppliers. 35.5% of all global data breaches in 2024 originated from third-party compromises. Supply chain attacks add an average of £241,620 to the total cost of a breach and take 267 days to detect and contain.
Ransomware is malicious software that encrypts your data and demands payment for its return. Approximately 19,000 UK businesses were hit by ransomware in 2025. The median UK ransom demand has doubled to $5.37 million, and average recovery costs reach $2.58 million excluding the ransom itself.
Phishing is the most common attack type, identified by 85% of businesses that experienced a breach (DSIT 2025). Phishing accounts for 93% of cyber crimes against businesses. AI-powered phishing has driven a 204% increase in phishing emails delivering malware in 2025.
MFA requires two or more verification methods to access an account. Microsoft reports that over 99.9% of compromised accounts did not have MFA enabled. Only 40% of UK businesses have two-factor authentication enabled (DSIT 2025). MFA can prevent more than 99.9% of account compromise attempts.
Ready to Get Certified?
AMVIA guides UK businesses through Cyber Essentials and CE Plus certification. Free readiness assessment available.