What the new Cyber Essentials requirements mean for your organisation


Increasing interconnectedness has made cybersecurity knowledge essential for individuals and organisations alike.

In the United Kingdom, the government backed the Cyber Essentials scheme to help organisations become more aware of the threats and problems that exist in the cyber world. This is a certification that you can receive to help you protect your organisation going forward.

However, in April 2023 changes are being made to the Cyber Essentials Certification, with a new set of requirements necessary to be certified in Cyber Essentials. In this article, we’re going to go over these changes and how they could affect your business.

What is the Cyber Essentials Certification?

Cyber Essentials and Cyber Essentials + are certifications achievable in the United Kingdom and are renewed annually.

The goal of this certification is to help educate organisations and businesses on the risks and dangers of the modern, virtual world — and to ultimately help companies protect themselves against possible cyber attacks and threats.

Created in 2014, this plan has been part of the UK government’s strategy to help organisations protect themselves from malicious threats and other virtual risks.

However, this certification is also relevant to private sector businesses as it offers a robust framework for approaching cyber security.

While the last — quite major — update was only a year before this new update, the scheme is again being updated to help keep up with new risks, threats and other new information that has become relevant within the past year.

Changes to the Cyber Essentials Certification in 2023

Here’s an overview of the changes and clarifications being made to the guidance within Cyber Essentials in 2023:

  • User Devices: Rather than having the model of the device listed, only the make and operating system of the device will be required (with the exception of network devices).
  • Firmware: Router and firewall firmware must now be kept up to date (as all firmware is classed as software).
  • Third-Party Devices: More information on how third-party devices (such as from contractors, students or BYOD) should be handled will be given.
  • Device Unlocking: Applicants may now use the default setting and configuration for device unlocking (such as the number of incorrect attempts).
  • Malware Protection: Anti-Malware software will no longer be signature-based, and the guidance will clarify which kinds are suitable. Sandboxing is no longer suitable.
  • New Guidance on Zero-Trust Architecture: Plus a note on the importance of asset management.
  • Style and Language: The document has been reformatted for ease of reading.
  • Structure Updated: Technical controls have been reordered to align with the updated question set.
  • CE+ Testing: CE testing has been updated to align with the requirements changes — the biggest change here being the malware protection tests.

These updates are not as large as those that came about in 2022, but they are still part of the strategy to improve this scheme and make it more useful for modern businesses.

In fact, these changes are all based on feedback from applicants and assessors, meaning that they’re all generally quite important changes that improve the scheme significantly.

Benefits of a Cyber Essentials Certification

Improve Security Posture

Cybersecurity is valuable, which means that it has become quite expensive. The Cyber Essentials Certification is a great way for any company — especially SMBs — to ensure that you’ve got the basics covered to protect your business, without having to spend lots on dedicated cybersecurity personnel.

This certification takes you through the basics of cybersecurity and helps ensure you stay protected from the majority of the attacks that you’d otherwise face. This is why it’s crucial to at least use this scheme to make sure that you have the basics covered.

Build Trust with Prospects and Customers

A transaction has two involved parties, and any business wants to make sure that the other party is trustworthy and comfortable to work with.

This certification shows that your company not only takes security seriously but also has the knowledge required to take steps to protect itself (and therefore your customers and prospects).

With this, you can build better relationships and have customers and prospects rely on you more confidently, ultimately resulting in better business opportunities for your organisation — which could be the stepping stone to the pinnacle of success for your company.

Bid for Government Contracts

As mentioned previously, the UK government will allow businesses to work with it if they have the Cyber Essentials Certification.

This is also true for contracted work from the government. The government handles a lot of sensitive data and information, so not investing time and effort into this certification could be a complete hindrance to your business’s chances of working with the UK government.

Whether big or small, a government contract is a huge deal for a large number of companies across the United Kingdom. This means that failing to meet such an important prerequisite can have large consequences for even bidding for government contracts, let alone obtaining one.

How We Can Help

Cybersecurity is essential to help your organisation face the risks and dangers of the virtual world and is important to the long-term success of your organisation.

The Cyber Essentials Certification is the best way to learn all the essentials that you need to know when it comes to cybersecurity and is a must-have for any British company or organisation looking to ensure they prosper in the future. These changes truly help the scheme become better and more informative for every applicant.

If you’re looking to get started with cybersecurity and look into Cyber Essentials, why not contact us today? We’re here to help you through the whole process. Get in touch now!