11 Mar 2025
by Shruti Chaudhary

Cyber Essentials April 2025 Update: What You Need to Know

Guest blog by Shruti Chaudhary, Associate Information Security Consultant at Littlefish

The UK government-supported Cyber Essentials program has long been a pivotal framework for helping businesses safeguard against cyber threats.

Regularly updated to ensure it remains effective, Cyber Essentials’ latest changes will come into force on April 28, 2025, and all further applications will be assessed against the updated standards.

New in the Cyber Essentials Requirements for IT Infrastructure Document: 

1. Passwordless authentication 

Following the mandated use of multi-factor authentication in 2022, new technology for account access will be introduced to allow secure identity verification without traditional passwords. 

2. Software definition updated  

The software definition now includes the term ‘extensions’ instead of ‘plugins’, offering improved accuracy.

3. Vulnerability fixes added  

The term ‘vulnerability fixes’ will also replace the old phrasing ‘patches and updates’. This is to offer a more comprehensive understanding of the process of vulnerability assessment.

4. ‘Home working’ phrase extended to ‘home and remote working’ 

Terminology will also be updated to encompass all forms of remote work, including work conducted outside of the home or office.

Updated in the Cyber Essentials Plus Test Specification:

1. New verification pointers introduced

As well as removing the word ‘illustrative’ from the document name, new verification pointers have been added to ensure the Cyber Essentials Plus assessment scope aligns with the self-assessment certificate.

2. Verification of segregation by sub-set added

Guidelines have been added to confirm that any organisational subsets have been properly segregated using technical methods prior to testing.

3. Verification of sampling added

The last update in the Cyber Essentials Plus document is the addition of verification of sampling. This emphasises the need for a representative sample of devices during testing and provides specific guidance on how to determine an appropriate sample size.

Why achieving Cyber Essentials status matters:

1. Rising cyber threats 

Cyber-crime continues to grow in scale and sophistication, with attacks becoming more targeted and disruptive.

2. Compliance requirements 

Adhering to cyber security best practices is no longer just good business sense; it is a legal and regulatory necessity.

3. Boosting business reputation

In a competitive market, trust is a key differentiator. Clients and partners increasingly seek assurance that their data is handled securely.

4. Facilitating public sector contracts 

Many UK government contracts require Cyber Essentials certification as a prerequisite.

Steps to achieve Cyber Essentials Certification in 2025: 

Getting certified under the updated Cyber Essentials program involves several steps: 

1. Assess your current cyber security measures 

Begin by reviewing your organisation’s existing cyber security practices against the Cyber Essentials requirements. Identify gaps and areas for improvement.

2. Implement necessary changes 

Address any identified weaknesses by implementing the required controls. This may involve updating software, configuring firewalls, deploying security patches, or formalising your incident response plan. 

3. Complete the self-assessment questionnaire 

The certification process starts with a self-assessment questionnaire (SAQ), which evaluates your compliance with the Cyber Essentials controls. The questionnaire must be submitted to an accredited certification body for review. 

4. Undergo a technical audit (for Cyber Essentials Plus) 

For organisations seeking the more advanced Cyber Essentials Plus certification, a technical audit is required. This involves a hands-on assessment of your IT systems by a qualified assessor to verify that the controls are implemented effectively. 

5. Achieve certification 

Once your application is approved, you will receive your Cyber Essentials certificate, which is valid for one year. To maintain certification, you’ll need to complete the process annually and keep up with any new updates to the framework. 

Website: www.littlefish.co.uk

LinkedIn: https://www.linkedin.com/company/littlefish-uk-ltd


Authors

Shruti Chaudhary

Associate Information Security Consultant, Littlefish

Shruti Chaudhary is Associate Information Security Consultant at Littlefish, a UK-based, award-winning managed IT, cyber security, and Microsoft business solutions service provider.

Shruti aids Littlefish’s cyber division in delivering security solutions across various sectors and industries, including retail, manufacturing, biopharmaceuticals, Central Government, social housing, charity, and blue lights organisations.  

Originally a student of French and politics, and after transitioning from teaching English as a second language, Shruti pivoted careers to cyber security, wanting to pursue her passion for learning and her desire to make a tangible impact by solving real-world security challenges.

She initially gained hands-on cyber security expertise at CAPSLOCK, where she developed a keen interest in consulting, security assessments, and compliance, particularly enjoying simplifying complex security concepts for non-technical audiences, drawing on her teaching skills.

Shruti thrives in engaging environments with like-minded people who are passionate about delivering enhanced user experiences, improved customer satisfaction, and authentic business value. 
