NormCyber review: Cyber Essentials in 2026
A factual review of NormCyber as a Cyber Essentials certification body - their MSSP model with SOC and managed services, pricing guidance, and where Fig Group differs.
NormCyber review: Cyber Essentials in 2026
NormCyber is a UK managed security services provider (MSSP) and IASME-licensed Cyber Essentials body. Their model is SOC-led with managed detection, user awareness, and vCISO services alongside certification. They are well suited to mid-market organisations buying an ongoing managed security package rather than a point-in-time certificate. Fig Group differs on price floor, certification speed, and platform delivery.
Who NormCyber is
- Reputation: UK MSSP, 24/7 SOC, managed cyber services
- IASME-licensed: yes - on the IASME directory
- Scope: Cyber Essentials, CE Plus, managed SOC, vCISO, security awareness training, incident response
- Typical customer: mid-market organisations buying a managed security wrap
NormCyber's SOC depth is real; if that is your primary need, bundling certification with them has logistical value.
Pricing and turnaround
NormCyber does not publish headline CE pricing - quote-based. MSSP-bundled CE typically prices above standalone certification; see normcyber.com for current figures. Turnaround is engagement-based.
Where NormCyber makes sense
- You want ongoing managed detection + certification bundled.
- You are buying vCISO services.
- You want user awareness training included.
Where Fig Group positions differently
1. £299.99 + VAT published Micro-tier price. Pricing is transparent.
2. 6-working-hour SLA on clean submissions.
3. £25k cyber insurance included.
4. Platform + AI-augmented delivery rather than SOC-bundled.
5. Verifiable IASME licence: 325cdf33-3812-4082-bf8d-7dce7ac02977 on the IASME directory.
The certificate is identical
NormCyber-issued and Fig-issued CE certificates are equivalent - same scheme, same validity, same directory.
When to consider Fig
- You do not need managed SOC from the certification body
- Budget matters
- Speed matters
- You want bundled insurance rather than bundled services
Bottom line
NormCyber is a reputable UK MSSP with a valid CE practice. If managed detection is the primary need, they make sense. For the lowest published UK price with the fastest turnaround, Fig's Micro tier is the direct alternative.
Start Cyber Essentials with Fig - from £299.99 + VAT | All pricing tiers | Free readiness check
About the author
Jay Hopkins
Managing Director, Fig Group
Jay Hopkins is the Managing Director of Fig Group and an IASME-licensed Cyber Essentials assessor. He was previously Head of Technology for a global regulated firm. He works with UK organisations across regulated sectors on baseline compliance, supply-chain assurance, and AI-augmented security tooling.
Next step
Ready to get certified?
Get Cyber Essentials certified with Fig. Same-day certification available when you purchase before 12:00 midday. IASME-licensed with transparent pricing from £299.99 + VAT.
Related solutions