A deep-space image showing a bright, colorful nebula with blue and white hues, surrounded by numerous stars against a dark background.

Are you ready for Cyber Essentials?

Answer 13 quick questions across the five Cyber Essentials controls and get an instant readiness score — plus a realistic timeline to certification.

1
About you
2
Firewalls
3
Config
4
Access
5
Malware
6
Patching
7
Results
About you & your business
First name*
Please enter your first name
Last name*
Please enter your last name
Work email address*
Please enter a valid email address
Phone number (optional)
What is your business name?*
Please enter your business name
What industry do you work in?*
Please select your industry
How many employees does your business have?*
Please select your team size

By submitting you agree to Nebulogiq contacting you about our services. We never share your data with third parties.

Control 1 — Firewalls & Network Security
Cyber Essentials requires a documented firewall controlling all traffic at the network boundary and host-based firewalls on every device as a secondary layer of protection.
Do you have a managed firewall protecting your network boundary?*
CE requires a documented firewall with configured rules on all network traffic entering and exiting your organisation.
Please select an answer
Are personal firewalls enabled on all company devices?*
CE requires host-based firewalls on endpoints to prevent lateral movement if the perimeter is compromised.
Please select an answer
Control 2 — Secure Configuration
CE requires removal or disabling of unneeded software and separate privileged accounts so daily work doesn't run with elevated permissions.
Are unnecessary services and features disabled on your systems?*
CE requires removal or disabling of unneeded software to reduce exploitable attack surface — every running service is a potential vulnerability.
Please select an answer
Do you manage administrator accounts separately from standard user accounts?*
CE mandates separate privileged accounts so daily work doesn't run with elevated permissions — if malware executes with admin privileges, it can compromise everything.
Please select an answer
Control 3 — User Access Control
CE v3.2 now mandates MFA on all internet-facing services and strong password policies. Even strong passwords can be stolen via phishing — MFA is the last line of defence.
Do all critical systems require multi-factor authentication (MFA)?*
CE v3.2 now mandates MFA on all internet-facing services to prevent credential compromise from phishing or data breaches.
Please select an answer
Are strong password policies enforced — ideally using a password manager?*
CE requires minimum 8-character passwords. Password managers prevent reuse and weak choices across services — this is entry-level but essential.
Please select an answer
Control 4 — Malware Protection
CE requires active, up-to-date anti-malware on every device. A set-and-forget approach fails when new variants emerge daily — real-time monitoring is essential.
Do all devices have active endpoint protection — anti-malware or EDR?*
CE requires anti-malware actively scanning and updated regularly on all devices. Windows Defender alone is not considered sufficient for business use.
Please select an answer
Is your endpoint protection actively monitored and regularly updated?*
CE requires real-time definition updates and monitoring to detect threats. New malware variants emerge daily — a stale definition file offers false security.
Please select an answer
Control 5 — Patch Management & Vulnerability
CE mandates critical patches within 14 days of release. Most breaches exploit known vulnerabilities that could have been patched months earlier.
How do you manage software patches and security updates?*
CE mandates critical and high-risk patches applied within 14 days of release. Most breaches exploit known vulnerabilities patched months before the attack.
Please select an answer
Do you regularly scan for missing patches and vulnerabilities?*
CE expects you to know what needs patching before attackers do. Without scanning you only discover gaps when someone exploits them.
Please select an answer
Do you have tested, offline backups of critical data?*
While not formally required by CE, ransomware is the #1 threat to SMEs. Your survival depends on offline backups you can actually restore from under pressure.
Please select an answer
Do you have a documented incident response plan?*
GDPR requires breach notification within 72 hours. You cannot meet that without a pre-arranged plan, contact list, and clear understanding of your obligations.
Please select an answer
Please confirm you're human*
Please complete the reCAPTCHA check
/ 100

Your Cyber Essentials Readiness Score

Based on your answers across all five CE control areas.

Readiness by domain
Domain breakdown vs CE threshold (70%)

⏱ Estimated time to Cyber Essentials certification

estimated weeks
📋

Your results have been sent to a Nebulogiq Account Manager

A member of our team will review your CE Readiness Score and be in touch shortly to discuss your results and the fastest route to certification.

A futuristic rocket with neon purple and blue lights, with neb-i written on it, launching with blue flames.
A futuristic rocket with neon purple with neb-i written on it