National Cyber Security Centre
New look Cyber Essentials scheme supports organisations to stay ahead of the cyber threat
Overhaul of the technical control requirements reflect the changes in the way organisations are now working.
- Update represents biggest change to the Cyber Essentials scheme since it was launched in 2014
- Scheme revised in response to evolving cyber security challenges and increased threat of ransomware that UK businesses now face
- Speed of digital transformation, increased adoption of cloud services and home working key factors in updating the scheme
ORGANISATIONS in the UK are set to benefit from a refreshed government-backed scheme which supports them to protect against the majority of cyber attacks, including ransomware.
Cyber Essentials, which is developed by the National Cyber Security Centre – a part of GCHQ – and delivered by IASME, is a certification scheme that supports organisations of all sizes to guard against online threats and demonstrate a commitment to cyber security to customers and stakeholders.
It has been updated following a major technical review which will help organisations maintain their minimum cyber hygiene in an evolving threat landscape. Amongst the main changes are revisions to the use of cloud services, home working, multi-factor authentication, password management, and security updates.
Through the Cyber Essentials scheme, businesses can learn how to defend themselves by securing internet connections and devices, controlling access to data, and understanding how to protect against ransomware.
The benefits of achieving certification include being able to reassure customers that the data held by an organisation is resilient to an attack, the ability to attract new business with the promise that cyber security measures are in place, and having a clear picture of your cyber security level.
Chris Ensor, NCSC Deputy Director for Cyber Skills and Growth, yesterday said:
“The landscape in which organisations are operating in cyber space is constantly changing, and this major refresh of the technical controls reflects the cyber security challenges of today.
“We’ve strengthened the Cyber Essentials scheme so that it continues to meet evolving threats and the increased risk of ransomware, and I would encourage UK businesses of any size to take part in order to protect themselves from the most common attacks.”
Many of these changes have been developed by the NCSC based on the feedback of assessors and previous applicants to the scheme, as well as consultation with the Cloud Industry Forum.
As of yesterday, the refreshed Cyber Essentials scheme will also incorporate a renewed pricing structure which better reflects the increasingly complex nature of assessments for some organisations.
Achieving Cyber Essentials certification allows businesses to
- reassure customers that they have put measures in place to secure their IT against cyber attacks;
- attract new business with the promise they have independently verified cyber security measures in place;
- have a clear picture of their cyber security level, and;
- apply for some government contracts which require Cyber Essentials certification.
More information for businesses on how to achieve Cyber Essentials certification can be found on the IASME website.
The NCSC’s Head of Commercial Assurance Services, Anne W, has written a blog post outlining the latest changes to Cyber Essentials.
Latest News from
National Cyber Security Centre
UK joins international cyber agency partners to release supply chain guidance12/05/2022 14:20:00
Joint advisory sets out practical steps to take for managed service providers and their customers to protect themselves.
NCSC joins industry to offer unprecedented protection for public from scams12/05/2022 13:20:00
Data sharing collaboration will allow ISPs to instantly block access to fraudulent sites.
Organisations offered streamlined guidance to help them move to the cloud12/05/2022 11:15:00
Cloud security guidance refreshed to support small businesses to large organisations moving to cloud-based services.
Chancellor of the Duchy of Lancaster speech at Cyber UK11/05/2022 16:12:00
Steve Barclay today gave a speech at the Cyber UK conference in Wales.
Russia behind cyber attack with Europe-wide impact an hour before Ukraine invasion11/05/2022 15:43:00
New UK and US intelligence suggests Russia was behind an operation targeting commercial communications company Viasat in Ukraine.
New email security tool launched to help organisations check their defences11/05/2022 10:33:00
A free email security check service helps organisations identify vulnerabilities.
NCSC significantly expands services to protect UK from record number of online scams11/05/2022 09:15:00
A record number of scams were removed from the internet in 2021 thanks to the Active Cyber Defence programme.
NCSC and allies publish advisory on the most commonly exploited vulnerabilities in 202127/04/2022 16:10:00
A joint advisory from the NCSC and international partners details the 15 most commonly exploited vulnerabilities in 2021.