The Cyber Essentials scheme was introduced by the UK Government in 2014 as a way to help make the UK the safest place to do business. Over time, the technology we all use and the threats against it have evolved, and the scheme has evolved with it. The latest evolution will take place on 24 January 2022, with the introduction of some significant changes:

  • Mandatory inclusion of all cloud services
  • Mandatory use of Multi-factor authentication for all cloud services
  • Clarifications around home working
  • Stronger requirements for password authentication
  • New device locking requirements
  • Clarifications around separation of Administrative and normal day-to-day accounts
  • Stronger requirements for software patching.

You can find out more at https://www.ncsc.gov.uk/information/update-to-the-cyber-essentials-technical-controls.

Some of these changes are effective immediately, while others will be phased in over 12 months. If you would like to complete your next Cyber Essentials renewal under the present rules, please contact us before 24 January 2022.

In addition to these technical changes, the pricing structure for Cyber Essentials will also change at the same time.