A 30-person construction firm achieved Cyber Essentials and Cyber Essentials Plus certification with Dalton Cyber’s guidance — meeting Ministry of Defence (MoD) contractual requirements and strengthening its overall cyber maturity.
Client
Construction Firm
Industry
Construction
Company Size
30 employees
Client Background
The client is an established construction firm delivering both private-sector projects and public-sector contracts.
When bidding for work on an MoD site, the firm was required to demonstrate its cybersecurity credentials through Cyber Essentials (CE) and Cyber Essentials Plus (CE+) certification — a prerequisite before onboarding and access to sensitive project data.
While the company already worked with a capable managed service provider (MSP) for IT, it had no formal cybersecurity structure or policies in place and limited internal expertise.
The Challenge
The firm found itself in a common position:
Good IT operations, limited cybersecurity governance.
No written policies or consistent processes.
Staff awareness was low, and cyber risk wasn’t yet a board-level consideration.
The MSP could support with technology, but not the specialist assurance knowledge needed to meet MoD expectations.
They knew certification was mandatory — but didn’t know where to begin.
Our Approach
Dalton Cyber took a collaborative and non-judgemental approach from the start. Rather than treating the process as a box-ticking exercise, we worked as a trusted advisor alongside both the client and their MSP — translating technical requirements into plain English and helping them understand why each control mattered.
Our support included:
A light-touch readiness review to identify quick wins.
Practical guidance to implement essential controls such as MFA, secure configuration, and backups.
Policy templates tailored to fit their business structure.
Flexible scheduling around project timelines to minimise disruption.
Throughout, our goal was not only to secure certification but to add value beyond compliance — improving day-to-day cyber hygiene and building long-term confidence.
The Outcome
The firm successfully achieved Cyber Essentials and Cyber Essentials Plus certification within their project deadlines.
More importantly, the process prompted a shift in mindset:
Staff became more aware of risks and their responsibilities.
The business adopted a more professional, structured approach to managing cybersecurity.
They were able to onboard to MoD projects smoothly and compete for higher-value contracts.
The partnership also led to referrals within the client’s professional network — evidence of the trust and value they found in the process.
Lessons Learned
For many SMEs, the idea of “getting certified” can feel overwhelming — especially when it’s tied to contract deadlines or government frameworks.
But like any big challenge, it’s best tackled one step at a time.
Dalton Cyber helps clients break down complexity into manageable actions, building assurance and resilience layer by layer.
What the Client Said
"Dalton Cyber made the whole thing clear and achievable. We didn’t just tick boxes — we actually learned what good looks like. Cybersecurity’s now part of how we run the business, not just something for IT. We’re in a much better place than we were six months ago, and I sleep a bit easier knowing we’ve taken real steps to protect the company."
If certification feels daunting or you’re unsure where to start, don’t wait until a contract demands it. Start the conversation now — we’ll guide you through each stage and help you build real confidence, not just compliance.