What the new Cyber Essentials requirements mean for your business

What the new Cyber Essentials requirements mean for your business


Cybersecurity knowledge is essential for individuals and businesses alike. In the United Kingdom, the Cyber Essentials scheme is a government backed project that exists to help organisations become more aware of the modern problems of the cyber world. This is a certification which will help to protect your organisation.

In April 2023, a new set of requirements for Cyber Essentials Certification will be introduced. Here, we explain the changes and how they could affect your business.

What is the Cyber Essentials Certification?

The Cyber Essentials Certification is a certification achievable in the United Kingdom.

The goal of this certification, curated in 2014, is to educate organisations and businesses on the risks and dangers of the modern, virtual world, and to help companies to protect themselves against possible cyber attacks and threats. However, it is also relevant to private sector businesses as it offers a robust framework for approaching cyber security.

While the last major update was only a year prior, the scheme is being updated again to help keep up with new risks, threats and other new information that have become relevant within the last 12 months.

Changes to the Cyber Essentials Certification in 2023

Here’s an overview of the changes and clarifications that are made to the guidance within Cyber Essentials in 2023

  • User Devices: Rather than having the model of the device listed, only the make and operating system of the device will be required (with the exception of network devices).
  • Firmware: Only router and firewall firmware must now be kept up to date (as all firmware is classed as software).
  • Third-Party Devices: More information on how third-party devices (such as from contractors or students) should be handled will be provided.
  • Device Unlocking: Applicants may now use the default setting and configuration for device unlocking (such as the number of incorrect attempts).
  • Malware Protection: Anti-Malware software will no longer be signature-based and suitable kinds will be clarified. Sandboxing is no longer suitable.
  • New Guidance on Zero-Trust Architecture: Plus a note on the importance of asset management.
  • Style and Language: The document has been reformatted for ease of reading.
  • Structure Updated: Technical controls have been reordered to align with the updated question set.
  • CE+ Testing: CE testing has been updated to align with the requirements changes the biggest change here being the malware protection tests.

These updates, which were all derived from applicant and assessor feedback, are not as large as the updates that came about in 2022. However, they are still a vital part of the strategy to improve this scheme for modern businesses to use.

Benefits of a Cyber Essentials Certification

Improve Security Posture

Cybersecurity is valuable, and thus, relatively expensive. The Cyber Essentials Certification is a great way for any company especially SMBs to ensure that you’ve got the basics covered to protect your business, without having to spend funds on dedicated cybersecurity personnel.

This certification takes you through the basics of cybersecurity and helps to ensure that you stay protected from the vast majority of cyber attacks that you’d otherwise face.

Build Trust with Prospects and Customers

A transaction has two involved parties, and all businesses want to ensure that the other party is trustworthy and comfortable to work with.

This certification shows that your company not only takes security seriously, but also has the knowledge required to take steps to protect itself (and therefore your customers and prospects).

With this, you can build better relationships based on reliability, ultimately resulting in better business opportunities for your organisation.

Bid for Government Contracts

The UK government will allow businesses to work with them if they have the Cyber Essentials Certification.

This is also true for contracted work from the government. The government handles a significant amount of sensitive data and information, so not investing time and effort into this certification could be a hindrance to your business’s opportunities to work with the UK government.

Whether big or small, a government contract is a huge deal for many companies across the United Kingdom. Failing to do such an important prerequisite can have consequences for even bidding for government contracts, let alone obtaining one.

How Can Extech Cloud Help?

Cybersecurity is essential in the modern day and age. Helping your business face the risks and dangers of the modern virtual world is vital to the long-term success of your organisation.

The Cyber Essentials Certification is the best way to learn all the cybersecurity essentials that you need to know and is a must-have for any British company looking to ensure their company prospers in the future.

If you’re looking to get started with cybersecurity and learn more about Cyber Essentials, why not contact us today? Extech Cloud works with businesses in Burgess Hill, Haywards Heath, East Grinstead, Brighton and anywhere across Sussex or Surrey, and can support you throughout your entire cyber security journey. Contact the Extech Cloud team today to find out more.

Back to News & Resources

Related news

    Book a free online consultation

    We love talking to businesses and understanding what they do and what they need. If you'd like to book a short, no obligation consultation, please provide us with your details. We understand that you may already have an IT company, consultant or team, so all contacts are treated as completely confidential. A fresh new IT approach could begin here...

    DD slash MM slash YYYY


    Get answers to common questions here.

    News & Resources

    Get latest updates, downloads and white papers.