Why Cyber Essentials Certification Costs Less with Fig Group Than the Standard IASME Fee

Organisations searching for Cyber Essentials certification in the UK face a confusing pricing landscape. Some providers charge under £350 + VAT. Others charge over £500 + VAT for the same certification. The certificate at the end is identical - same NCSC standard, same IASME database entry, same 12-month validity. So why does the price vary so much?

This guide breaks down how Cyber Essentials pricing works, what the standard IASME fee structure looks like, and why Fig Group is able to charge below the industry baseline without compromising on assessment quality or turnaround speed.

How Cyber Essentials Pricing Works

Cyber Essentials is a UK government-backed certification scheme administered by IASME on behalf of the NCSC. Organisations cannot self-certify - they must go through an IASME-licensed certification body. There are dozens of licensed bodies operating in the UK, and each sets its own retail price.

When a certification body issues a Cyber Essentials certificate, a portion of the fee is remitted to IASME. The remainder covers the certification body's own costs: assessor time, platform infrastructure, support, and overheads. The retail price an organisation pays therefore reflects both the IASME component and the certification body's operational costs and margin.

The standard industry price for Cyber Essentials (micro, 1 to 9 employees) has settled around £320 + VAT. This is what most certification bodies charge. It is not a fixed price set by IASME - certification bodies are free to charge more or less. But £320 + VAT has become the de facto baseline.

Where Fig Group Sits in the Pricing Landscape

Fig Group charges £314.99 + VAT for Cyber Essentials certification for micro organisations. This is below the £320 + VAT standard that has become the industry norm. Across all organisation tiers, Fig Group prices at or below the equivalent standard fee.

This is not a temporary introductory offer. It is not a promotional discount that reverts to a higher price after a trial period. It is the permanent, standard price.

Here is the full pricing schedule:

TierEmployeesFig GroupTypical Market Price------------Micro1 - 9£314.99 + VAT£320 - £500 + VATSmall10 - 49£449 + VAT£450 - £600 + VATMedium50 - 249£549 + VAT£550 - £750 + VATLarge250+£649 + VAT£650 - £900 + VAT

The right-hand column shows the range organisations commonly encounter when comparing providers. Fig Group sits at the bottom of every range.

What Drives the Price Differences Between Certification Bodies

Understanding why prices vary helps organisations make informed decisions. The factors that cause one certification body to charge significantly more than another include:

Manual processes vs platform automation. Certification bodies that rely on email-based workflows, shared spreadsheets, and manual certificate generation have higher per-assessment costs. Every manual step requires staff time. Those costs are passed to the customer. Fig Group's platform automates submission intake, assessor routing, feedback delivery, and certificate generation - eliminating the administrative overhead that inflates prices elsewhere.

Bundled services the customer did not ask for. Some providers include consultancy, pre-assessment guidance, or "guided completion" in their price. For organisations with competent IT management, these services are unnecessary. They add cost without adding value. Fig Group provides the assessment and structured feedback - the things every organisation actually needs. Organisations that want pre-assessment guidance can use the free readiness checker at no charge.

Express and priority surcharges. Several certification bodies charge a base price for standard service (3 to 5 working days) and an additional fee for "express" or "priority" turnaround. Fig Group's same-day service from point of self-assessment submission is the standard offering at the standard price. There is no express tier because the standard tier is already fast.

Brand premium. Larger consultancy firms and well-known security companies often charge a premium for the same certification. The certificate issued is identical regardless of which IASME-licensed body performs the assessment. Paying more does not get you a better certificate.

What Organisations Receive at Fig Group's Price

Despite being priced below the industry standard, Fig Group's service includes everything an organisation needs for certification:

Complete Cyber Essentials v3.3 assessment. The full self-assessment covering firewalls, secure configuration, security update management, user access control, and malware protection. Aligned to the current NCSC requirements including the MFA mandate that applies to assessment accounts created from 28 April 2026 onwards.

Human assessor review. Every submission is reviewed by an IASME-licensed human assessor. Fig Group uses AI to assist assessors - pre-screening for completeness and flagging inconsistencies - but the certification decision is always made by a qualified human.

Three rounds of structured feedback. If corrections are needed, feedback is delivered through the platform with specific references to the relevant control and question. Up to three rounds are included at no additional cost. There are no resubmission fees.

Same-day certification from point of self-assessment submission. Orders placed before midday receive their certificate the same working day, typically within 6 hours of self-assessment submission. This is the standard service, not a premium add-on.

Official certificate and database registration. The certificate is registered on the IASME certificate database and is publicly verifiable. A digital badge is provided for website and marketing use. The certificate is valid for 12 months.

Common Pricing Traps to Watch For

When comparing Cyber Essentials certification bodies, watch for these pricing practices:

"From" pricing that excludes mandatory components. Some providers advertise a low headline price but charge separately for the IASME registration, certificate delivery, or digital badge. Confirm that the quoted price includes everything required for a complete certification.

Resubmission fees. If your first submission needs corrections, some certification bodies charge a fee for each resubmission. This can add £50 to £100 per round. Fig Group includes up to three rounds at no additional cost.

Express fees for reasonable turnaround. If a certification body charges extra for service within a week, that is a surcharge for what should be standard. A five-day turnaround for a self-assessed certification that takes 60 to 90 minutes to complete should not be treated as a premium service.

Annual platform subscriptions. Some providers require an ongoing platform subscription in addition to the certification fee. Cyber Essentials is a 12-month certification. You should not be paying monthly platform fees on top of the assessment cost.

Bundled consultancy you cannot opt out of. If the provider's base price includes "guided assessment" or "consultancy support" that cannot be removed, you are paying for a service you may not need. Competent organisations should have the option of a straightforward assessment at a straightforward price.

The Maths of Cheaper and Faster

The conventional assumption in most markets is that faster service costs more. In Cyber Essentials certification, the opposite is true at Fig Group - and the reason is structural.

Traditional certification bodies have high per-assessment costs because their processes are manual. To offer faster turnaround, they need to allocate dedicated assessor time outside the normal queue, which increases cost further. Hence the express surcharge.

Fig Group's platform-driven approach means the marginal cost of processing each assessment is lower. The same automation that reduces cost also reduces turnaround time. There is no queue to jump because there is no queue. There is no express tier because the standard process is already optimised for speed.

Lower cost and faster turnaround are not competing priorities. They are both consequences of the same investment in platform technology.

Cyber Essentials Plus Pricing

For organisations that need the higher assurance level, Fig Group's Cyber Essentials Plus pricing is:

TierEmployeesPrice---------Micro1 - 9£1,499 + VATSmall10 - 49£1,999 + VATMedium50 - 249£2,799 + VATLarge250+£4,499 + VAT

Plus certification includes an independent third-party technical audit with external vulnerability scanning. The turnaround is typically 1 to 3 working days. All Plus certifications include the underlying Cyber Essentials certification at no extra cost.

How to Proceed

For organisations ready to certify:

1. Use the free readiness checker to verify your controls meet the requirements - 10 to 15 minutes, no payment needed

2. Purchase certification at Fig Group's pricing page from £314.99 + VAT

3. Complete the self-assessment questionnaire

4. Receive your certificate - typically within 6 hours of self-assessment submission for orders before midday

For organisations comparing providers: the certificate is the same regardless of which licensed body issues it. The standard is the same. The database entry is the same. The 12-month validity is the same. The difference is how much you pay and how long you wait.

Compare pricing and get certified today