top of page

Securing Your Charity's Future: Free Government Funding for Cyber Essentials Plus

As a charity, protecting sensitive information and data is of utmost importance. With the rise of cyber-attacks, it is more crucial than ever to ensure your organization is equipped with the necessary measures to safeguard your clients, donors, and reputation.

hands in a circle holding plants

The good news is that the National Cyber Security Centre (NCSC) has launched the fully Funded Cyber Essentials Programme - NCSC.GOV.UK to help specific sectors that are at high risk of a cyber-attack, at no cost.

What is the Cyber Essentials Accreditation?

Cyber Essentials is a simple and effective Government-backed scheme, supported by industry experts and the Cyber Resilience Centre Network. Cyber Essentials will help you put measures in place to protect your organisation, against a range of the most common cyber-attacks. This includes protecting against threats such as malware, ransomware, and phishing. Read more here: Cyber Essentials & Plus Training & Certification ¦ ECRC (

Why do Charities Need Cyber Essentials?

Charities hold a significant amount of sensitive information, including personal records, which if compromised, could potentially harm their reputation and ability to raise funds for their worthy causes. Alarming statistics reveal that nearly half of charities have very basic or non-existent cyber security protocols in place – making them an effortless target for cyber criminals.

Cyber Essentials can fully or partially mitigate up to 99% of common cyber-attacks. Meaning if you meet the Cyber Essentials standard you are less likely to fall victim to a cyber-attack yourself and you will be able to reassure your customers and trustees that you have recognised the threat, risks and have taken proactive steps to minimise the impact.

Funded Cyber Essentials Programme

All modern businesses are susceptible to cyber-attacks, however, certain organizations face a heightened risk, whether it's due to the possession of sensitive information or being perceived as an effortless target by cybercriminals.

To address this issue, the National Cyber Security Centre (NCSC) has established the Funded Cyber Essentials Program, specifically targeting the most vulnerable sectors. This initiative aims to provide vulnerable organisations with help to implement baseline security controls to prevent the most common types of cyber-attack.

The scheme is designed to lead an organisation through the technical controls required to achieve Cyber Essentials certification, followed by the audit for Cyber Essentials Plus. No previous cyber security certification or experience is necessary.

How do I qualify for the Funded Cyber Essentials Programme?

To qualify for this scheme, your organisation must be: a micro or small charity (1 to 49 employees, excluding volunteers) that has a core purpose of providing support to victims of domestic abuse.

Applying organisations must also meet the following criteria:

  • Has not previously participated in the NCSC Funded Cyber Essentials Programme.

  • Does not currently hold Cyber Essentials Plus (CE+) certification, has not been awarded CE+ certification since May 2022 and is not currently in the process of applying for CE+ certification.

If your business or organisation meets the above criteria and you wish to express an interest in the Funded Cyber Essentials Programme, please visit the website of the NCSC’s Cyber Essentials partner, IASME, where you can register your interest.

cyber essentials logo

Further Guidance and Support

Here at the ECRC, we would recommend taking the following proactive steps to enhance your cyber resilience and protect your organization from potential cyber-attacks:

  1. Check your current security standard using the free Cyber Essentials Readiness Tool. The Readiness Tool is an interactive set of questions that addresses various parts of your organisation’s security. A step-by-step action plan is tailored to your requirements based on your answers to the questions.

  2. Join our community at the Eastern Cyber Resilience Centre; it’s totally free. We can talk to you about your cyber resilience and can offer guidance to free tools that you can implement straight away.

When you join our community, you get:

  • Little steps programme – series of weekly emails which aligns to cyber essentials with bite-sized practical information to build cyber resilience.

  • Threat alerts both regionally and nationally.

  • Signposting to free tools and resources from both Policing and the NCSC.

  • Discussion area to meet and talk to other companies in the region and our partners.

  • Support from the ECRC team.

Reporting a live cyber-attack 24/7

If you are a business, charity or other organisation which is currently suffering a live cyber-attack (in progress), please call Action Fraud on 0300 123 2040 immediately. This service is available 24 hours a day, 7 days a week.

Reporting a cyber-attack which isn't ongoing ​

Please report online to Action Fraud, the UK's national reporting centre for fraud and cybercrime. You can report cybercrime online at any time using the online reporting tool, which will guide you through simple questions to identify what has happened. Action Fraud advisors can also provide the help, support, and advice you need.

Get in touch

01223 856020

Facebook | Twitter | LinkedIn: @EasternCRC

Instagram: @_EasternCRC


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the East is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page