Micro
1-9 employees
£1,499+ VAT
One-off · no recurring fee
- Everything in Cyber Essentials
- External vulnerability scan
- Remote technical audit
- 1-3 working days turnaround
Pricing
Cyber Essentials Plus, from £1,499 + VAT.
Published pricing across all four organisation-size tiers. No hidden consultancy bundle, no sales gatekeeping. Same NCSC-backed scheme, same independent technical audit, transparent fee.
£1,499
Starting price (Micro tier, ex VAT)
4 tiers
Published openly by organisation size
£0
Mandatory consultancy or hidden fees
Pricing
Four tiers, all published
Tier pricing is decided by total UK headcount including part-time staff and contractors. One-off fee per tier - no recurring charge.
Cyber Essentials Plus
Third-party verified · 1-3 days
Small
10-49 employees
£1,999+ VAT
One-off · no recurring fee
- Everything in Cyber Essentials
- External vulnerability scan
- Remote technical audit
- 1-3 working days turnaround
Medium
50-249 employees
£2,799+ VAT
One-off · no recurring fee
- Everything in Cyber Essentials
- External vulnerability scan
- Remote technical audit
- 1-3 working days turnaround
Large
250+ employees
£4,499+ VAT
One-off · no recurring fee
- Everything in Cyber Essentials
- External vulnerability scan
- Remote technical audit
- 1-3 working days turnaround
Why we are cheaper
Three structural reasons
Lower price is not a discount on a thinner audit - it is the result of running CE Plus with a different operating model than consultancy-led CBs.
01 · Software-first audit
Lower delivery cost, same scheme
Most CBs deliver Plus through a consultancy-led workflow with high billable hours. We run the audit through Fig's platform - automated scope checks, evidence aggregation, and verification - so the assessor focuses on review, not data entry.
02 · No bundled consultancy
Pay for the certificate, not the up-sell
No mandatory pre-assessment workshop. No "scoping fee" surcharge. No remediation retainer required to enrol. The published price is the price you pay - your only optional extra is buying the prerequisite Cyber Essentials if you do not already hold it.
03 · No sales gatekeeping
Buy direct, no quote round
Most CE Plus providers publish "POA" and require a sales call before pricing. We publish the full price ladder publicly so buyers can compare against three competitors in five minutes - and buy direct via Stripe without a sales conversation.
What every tier includes
Same scheme, every tier
Lower-tier pricing does not mean a lighter audit. Every Plus engagement covers the same scheme requirements and produces the same NCSC-backed certificate.
External vulnerability scan
Of internet-facing services and infrastructure.
Remote technical audit
Sampled device checks across operating systems, role types, and locations.
MFA + control verification
Independent verification that MFA, secure config, and patching match the questionnaire.
1-3 working days
Most assessments complete within three working days.
IASME-licensed certificate
Same NCSC-backed certificate issued by any UK CB.
12-month validity
Annual recertification cadence; renewal pricing identical to first issue.
Important
Cyber Essentials is a prerequisite
Cyber Essentials Plus is built on top of Cyber Essentials. To hold a Plus certificate you also need a current Cyber Essentials certificate covering the same organisation and scope. If you don’t already hold one, buy both.
Cyber Essentials
From £299.99 + VAT
Self-assessment certificate, certified in 6 hours for compliant submissions.
See Cyber EssentialsCyber Essentials Plus
From £1,499 + VAT
Independent technical audit on top of Cyber Essentials, 1-3 working days.
See Cyber Essentials PlusMarket comparison
Below market at every tier
Typical UK CE Plus market pricing varies from roughly £2,000 to £12,000+ depending on organisation size and how much consultancy the CB bundles into the fee.
| Tier | Fig Group | UK market range | Saving |
|---|---|---|---|
| Micro (1-9) | £1,499 | £2,000 - £3,500 | Up to 57% lower |
| Small (10-49) | £1,999 | £3,000 - £5,000 | Up to 60% lower |
| Medium (50-249) | £2,799 | £4,500 - £7,500 | Up to 63% lower |
| Large (250+) | £4,499 | £6,000 - £12,000+ | Up to 63% lower |
Market ranges are illustrative based on publicly-quoted UK CE Plus pricing observed across IASME-licensed CBs. Actual pricing varies by provider, scope, and bundled services.
FAQ
Pricing questions answered
Why is Fig's Cyber Essentials Plus cheaper than the market?
Two structural reasons. First, we deliver the audit through a software-first workflow that lowers per-engagement labour cost. Second, we don't bundle mandatory consultancy or scoping fees into the certificate. The price you see is the price you pay - no surprise add-ons after a sales call.
Is the certificate the same as more expensive CE Plus providers?
Yes. There is one Cyber Essentials Plus scheme, run by IASME on behalf of the NCSC. Every IASME-licensed CB issues the same certificate against the same v3.3 requirements. What varies between providers is delivery model and pricing, not the certificate itself.
Do I need Cyber Essentials before Cyber Essentials Plus?
Yes. Cyber Essentials Plus requires a current Cyber Essentials certificate covering the same organisation and scope as a prerequisite. If you don't already hold CE, buy both - our CE pricing starts from £299.99 + VAT and runs in parallel with Plus scheduling.
Are there any hidden fees we should know about?
No. Pricing is published by organisation size, no consultancy retainer, no scoping fee, no per-resubmission charge. The only thing that can add cost is if your scope materially changes mid-audit (e.g. you add new sites or services that weren't declared at quote time) - we'd explain and re-quote before doing extra work.
How do I know which tier I need?
CE Plus tiers are priced by total UK staff headcount, including part-time and contractors. Pick the tier matching your organisation size. If you're uncertain, the readiness checker on /cyberessentials walks through scope and outputs your correct tier.
How quickly can the Plus audit start?
Once your CE baseline is in place and a sample of devices is available for testing, the Plus audit typically completes in 1-3 working days. The slowest variable is usually device availability - the scheme requires sample testing, so devices need to be reachable in the audit window.
Cyber Essentials trust evidence
The buyer evidence to check before you purchase
This block keeps the commercial claims close to the final decision point: licence, speed, pricing, reviews, and the important difference between Cyber Essentials and Cyber Essentials Plus.
Licence
IASME-licensed Plus route
Cyber Essentials Plus is delivered as an IASME-backed technical verification route after Cyber Essentials, with licence evidence available for procurement checks.
Verify IASME licenceScope
Plus is not the 6-hour product
The 6-hour guarantee applies to Cyber Essentials self-assessment only. Plus adds technical audit work, sampled device testing, and remediation scheduling.
Review Plus scopePricing
Published Plus pricing
Cyber Essentials Plus pricing is published by organisation size so buyers can compare cost before booking a technical audit.
Review Plus pricingReviews
Evidence-led buying check
Use Fig trust pages, Google review signals, and the official scheme sources to verify claims before committing to a Plus assessment.
Review trust evidencePractical rule: buy Cyber Essentials when the requirement asks for baseline certification. Buy Cyber Essentials Plus only when the buyer, insurer, or framework specifically asks for the audited technical verification layer.
Buy Cyber Essentials Plus, transparently.
Pick your tier. Buy direct via secure Stripe checkout. No sales call required, no hidden consultancy bundle, no surprise add-ons after you commit.