antic - stock.adobe.com

Cyber Essentials programme gets biggest update since launch

NCSC implements a thorough revision of its Cyber Essentials scheme to reflect the changing security landscape

The National Cyber Security Centre (NCSC) has unveiled a series of updates to its flagship Cyber Essentials certification scheme in the largest revision the programme has seen since its launch over seven years ago.

The changes are being made in response to the rapid evolution of the cyber security challenges faced by organisations located in the UK, in particular the threat of ransomware.

It also reflects the extent of the digital transformation efforts made by businesses during the Covid-19 pandemic, including the provision of support for remote or hybrid working, and uptake of cloud services.

Among some of the most immediately obvious changes are revisions to processes and procedures around the use of cloud services, home working, multi-factor authentication and password managements, and security updates and patches.

Chris Ensor, NCSC deputy director for cyber skills and growth, said: “The landscape in which organisations are operating in cyber space is constantly changing, and this major refresh of the technical controls reflects the cyber security challenges of today.

We have strengthened the Cyber Essentials scheme so that it continues to meet evolving threats and the increased risk of ransomware, and I would encourage UK businesses of any size to take part in order to protect themselves from the most common attacks.”

The NCSC devised the changes in collaboration with multiple parties and stakeholders – including previous applicants to the scheme, and the Cloud Industry Forum – following a technical review of the programme.

The updated programme, which will continue to be delivered through IASME, is designed to certify that organisations can appropriately guard against online threats, and are committed to demonstrating sound cyber practice to their own customers and stakeholders.

The NCSC said that besides gaining a clear picture of an organisation’s internal cyber posture, the benefits of becoming certified included being able to reassure customers that their data is safe and protected, and to attract new business. Cyber Essentials certification is also a requirement for multiple types of government contract.

Read more about the NCSC’s work

Read more on Regulatory compliance and standard requirements