I hope not many will be in that final group now, as Cyber Essentials, in one form or another, has been around since 2014.
Cyber Essentials compliance is simply a must-have for every business, agency, charity, and local or national government. Besides being a requirement for doing business with local and national government departments, it's just good practice for any organisation. Cyber Essentials is essentially asking for your organisation to have good cyber security hygiene, which is never a bad thing.
Annual re-certification is required to ensure on-going compliance. It's not something you can do once, tick some boxes and forget about. Your certification body will have a long list of questions and you'll need to dig out documentation and evidence to back up your claims of compliance.
Making Cyber Essentials your day-to-day working style, and having tools in place to complete the audit, is the answer to relieving the stress and panic of a Cyber Essentials audit.
At the core of the Cyber Essentials requirements, and foundational to just about all cybersecurity best practice standards such as the Digital Security and Protection (DSP) Toolkit used by the NHS, is good management of privileged accounts. After all, these accounts are extremely powerful, so if you can't manage their access and usage, then you can't have confidence in your backup management, firewalls, anti-virus, SIEM and the myriad of other security systems you might have.
A new free whitepaper from Osirium includes a detailed breakdown of the privileged account management requirements of Cyber Essentials and how they can be addressed with modern Privileged Access Management (PAM) and Privileged Process Automation (PPA). What's really important is that it's not just theory - it's a guide built on the experience of Osirium's own Cyber Essentials assessments and helping their customers when they've been assessed.
So, at least for the privileged access management elements of Cyber Essentials, you can claim to be "Fully prepared, bring it on!"