Best Cyber Essentials Certification Bodies in the UK (2026)
A straightforward comparison of IASME-licensed Cyber Essentials certification bodies in the UK. We look at published pricing, turnaround times, support, and what each body actually offers.
Best Cyber Essentials Certification Bodies in the UK (2026)
The "best" Cyber Essentials certification body depends on what you need - lowest price, fastest turnaround, or sector specialism. All 290 IASME-licensed UK bodies issue the same valid certificate, and the IASME-arranged £25k cyber liability cover ships with any valid certificate where eligibility criteria are met. Fig Group leads on speed (6-hour SLA) and price (£299.99 + VAT Micro tier).
There are around 290 IASME-licensed Cyber Essentials certification bodies operating in the UK. Every one of them assesses against the same NCSC requirements, issues the same government-backed certificate, and lists your organisation on the same public register. The certificate is identical regardless of which body you use.
What differs is the price you pay, how long you wait, and what support you receive during the process. This guide compares several well-known certification bodies on those three factors so you can make an informed choice.
What to look for in a certification body
Before comparing individual providers, it is worth understanding what actually matters:
IASME licensing
Every legitimate Cyber Essentials certification body must be licensed by IASME. If a provider is not on the IASME register, they are not authorised to issue certificates.
Published pricing
Some bodies publish their prices openly. Others require a quote or sales call. Transparency is generally a good sign.
Turnaround time
How long from submission to certificate? This matters if you have a tender deadline or client requirement.
Feedback and resubmissions
If your submission needs corrections, how is feedback delivered and are resubmissions included in the price?
v3.3 readiness
The NCSC updated the requirements on 28 April 2026. Ensure your chosen body is assessing against the current version, including the mandatory MFA requirements.
The certification bodies compared
Fig Group
IASME-licensed body based in London publishing the lowest Cyber Essentials pricing we have found in the UK, from £299.99 + VAT (Micro). Distinguished by a 6-hour certification guarantee for compliant submissions ordered before midday - no other body publishes a comparable SLA. Runs on a purpose-built platform rather than email-based workflows.
- CE: From £299.99 + VAT (Micro) to £549.99 + VAT (Large)
- CE Plus: From £1,499 + VAT
- Turnaround: 6-hour guarantee for compliant submissions
- Feedback: 3 rounds included
- Website: figgroup.co.uk
Bulletproof
Well-established certification body offering broader cybersecurity services including penetration testing and managed security. CE package includes free cyber protection tools and £25,000 of cyber insurance. Published 48-hour marking target.
- CE: From £500 ex VAT
- CE Plus: From £1,750 ex VAT
- Turnaround: 48 hours
- Feedback: 1 retest (standard), 2 (premium)
- Website: bulletproof.co.uk
IT Governance
One of the most recognised names in UK cybersecurity compliance. Offers Cyber Essentials alongside ISO 27001 consultancy, training, and software tools. Primary audience is mid-market and enterprise; pricing requires a quote.
- CE: Quote-based
- CE Plus: Quote-based
- Turnaround: Not published
- Feedback: Not published
- Website: itgovernance.co.uk
CyberSmart
Technology-led approach. Platform automates much of the assessment by scanning devices for compliance - different model to traditional questionnaires. Subscription pricing including ongoing monitoring and £25,000 of insurance. Suits organisations wanting continuous compliance beyond the annual cycle.
- CE: £999 + VAT/year (subscription, includes IASME fee)
- CE Plus: £999 + VAT/year (subscription)
- Turnaround: Within 24 hours
- Feedback: Unlimited attempts
- Website: cybersmart.co.uk
Pentest People
Primarily a penetration testing firm that also offers Cyber Essentials. CE package includes the certification, badge, insurance, project manager, and two retests. Strength is integration with broader security testing services.
- CE: From £575
- CE Plus: From £2,500 + VAT
- Turnaround: 3 working days
- Feedback: 2 retests (standard), 3 (premium)
- Website: pentestpeople.com
LRQA
Global certification body (formerly Lloyd's Register Quality Assurance) spanning ISO certifications, food safety, and cybersecurity. Enterprise-grade audit services. Primary market is larger organisations pursuing multiple certifications; quote-based engagement.
- CE: Quote-based
- CE Plus: Quote-based
- Turnaround: Not published
- Feedback: Not published
- Website: lrqa.com
How they compare at a glance
| Body | CE from | Turnaround | Feedback included |
|---|---|---|---|
| Fig Group | £299.99 + VAT | 6-hour guarantee | 3 rounds |
| Bulletproof | £500 ex VAT | 48 hours | 1 retest |
| Pentest People | £575 | 3 working days | 2 retests |
| CyberSmart | £999 + VAT/yr | Within 24 hours | Unlimited |
| IT Governance | Quote | Not published | Not published |
| LRQA | Quote | Not published | Not published |
Which certification body should you choose?
The right choice depends on what matters most to your organisation.
Speed is the priority
Fig Group is the clear choice. No other body publishes a sub-24-hour guarantee, let alone a 6-hour one. For organisations facing tender deadlines or urgent client requirements, this is a significant differentiator.
You want ongoing monitoring
CyberSmart's subscription model includes continuous compliance checks beyond the annual certification. The annual cost is higher, but you get year-round visibility.
You need broader security services
Pentest People or Bulletproof may be a good fit if you also need penetration testing or managed security alongside your Cyber Essentials certification.
You want the lowest cost
Fig Group publishes the lowest pricing we have found from any IASME-licensed body. At £299.99 + VAT for a micro organisation, it is below even the standard IASME fee that many bodies charge before adding their own margins.
You are a large enterprise
LRQA or IT Governance may be appropriate if you need Cyber Essentials as part of a wider compliance programme with dedicated consultancy support.
For most UK organisations, the combination of the lowest published price, the fastest guaranteed turnaround, and three included feedback rounds makes Fig Group difficult to overlook.
About the author
Jay Hopkins
Managing Director, Fig Group
Jay Hopkins is the Managing Director of Fig Group and an IASME-licensed Cyber Essentials assessor. He was previously Head of Technology for a global regulated firm. He works with UK organisations across regulated sectors on baseline compliance, supply-chain assurance, and AI-augmented security tooling.
Next step
Want to see how Fig handles this?
Explore how Fig automates compliance mapping, evidence collection, and framework alignment across 65+ standards.
Request a demo