Frequently Asked Questions

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

Pen Testing and Cyber Essentials

What is a penetration test?

A penetration test (or "pen test") is a simulated cyber attack carried out by security professionals to find weaknesses in your systems before real attackers do. It shows you how someone could break in - and how to stop them.

How is penetration testing different from vulnerability scanning?

Penetration testing is manual, targeted, and mimics real-world attacks to uncover deeper, complex issues. Vulnerability scanning is automated and continuous, flagging known risks like outdated software or misconfigurations. At GoDefend, we combine both for full coverage.

Can penetration testing be done remotely?

Yes. GoDefend delivers most penetration testing services remotely, using secure access methods that reduce disruption and speed up delivery. No need for on-site visits unless absolutely necessary.

How long does a penetration test take?

The time it takes to complete testing can vary, as every business has unique systems, risks, and requirements. Rather than give a one-size-fits-all estimate, we’ll provide a clear timeline tailored to your setup—and keep you informed at every stage of the process.

Will a pen test disrupt my business?

In most cases, no. Our team works carefully to minimise any disruption. If there’s ever a risk to uptime or performance, we’ll coordinate with you in advance.

How much does a pen test cost?

Our pricing is designed for small and mid-sized businesses. Costs depend on the size and scope of your systems, but we’ll provide a clear, fixed quote with no hidden extras.

How often should I get a pen test?

At a minimum, we recommend testing once a year - but that’s only part of the picture. New vulnerabilities appear all the time, which is why we pair testing with continuous monitoring to keep you protected between assessments.

Which type of pen test do I need?

That depends on your environment and goals. We offer web app, infrastructure, mobile, internal, and cloud testing - and can help you choose the right mix based on what you want to protect and whether you're working toward compliance.

What happens after the test is done?

You’ll receive a clear, prioritised report that shows what we found, why it matters, and how to fix it. Our team will walk you through the results and support you with any questions, fixes, or follow-up testing if needed.

Why does CREST certification matter?

CREST is a recognised industry standard that ensures penetration testers are highly trained and follow strict ethical and technical guidelines. All GoDefend pen tests are carried out by CREST-certified professionals, so you know you're in safe hands.

Do I need Cyber Essentials or Cyber Essentials Plus?

Cyber Essentials is great for getting started. Cyber Essentials Plus is better if you're scaling, working in regulated sectors, or bidding for government work.

How long does it take to get certified?

Basic Cyber Essentials can be done in as little as 48 hours. Cyber Essentials Plus typically takes a few weeks depending on your readiness.

What kind of support do I get from GoDefend?

We provide full hands-on support, including remediation advice, guidance through the forms, technical testing prep, and audit support.

Is Cyber Essentials a legal requirement?

Not legally required (yet) but it’s often mandatory for public sector contracts and seen as a strong security baseline.

Will I need to change my IT setup?

Sometimes. We’ll assess what you have, recommend fixes, and help you implement them.

Can I fail the assessment?

Yes, but we aim to catch issues before submission so you have time to fix them. Our goal is to help you pass the first time.

How much does it cost?

Cyber Essentials is low-cost. CE Plus involves a technical audit, so assessor fees apply. We offer cyber security certification packages, tailored for your requirements.

Cyber Essentials recognised outside the UK?

While it’s UK-specific, many international partners see it as a trusted baseline certification.

How long does the certification last?

12 months. Your cyber security certification is officially registered with IASME, the UK’s certification body and we handle the registration for you.

What happens after certification?

We can support you year-round with Pen Testing, scans, monitoring, and preparation for your next renewal.