Guest blog (Littlefish): Cyber Essentials April 2025 Update: What you Need to Know
The UK government-supported Cyber Essentials program has long since been a pivotal framework for helping businesses safeguard against cyber threats.
Regularly updated to ensure it remains effective, Cyber Essentials’ latest changes will come into force April 28, 2025, and all further applications will be assessed against the updated standards.
New in the Cyber Essentials Requirements for IT Infrastructure Document:
1. Passwordless authentication
Following the mandated use of multi-factor authentication in 2022, new technology for account access will be introduced to allow secure identity verification without traditional passwords.
2. Software definition updated
The software definition now includes the term ‘extensions’ instead of ‘plugins’, offering improved accuracy.
3. Vulnerability fixes added
The term ‘vulnerability fixes’ will also replace the old phrasing ‘patches and updates’. This is to offer a more comprehensive understanding of the process of vulnerability assessment.
4.‘Home working’ phrase extended to ‘home and remote working’
Terminology will also be updated to encompass all forms of remote work, including work conducted outside of the home or office.
Updated in the Cyber Essentials Plus Test Specification:
1.New verification pointers introduced
As well as removing the word ‘illustrative’ from the document name, new verification pointers have been added to ensure the Cyber Essentials Plus assessment scope aligns with the self-assessment certificate.
2. Verification of segregation by sub-set added
Guidelines have been added to confirm that any organisational subsets have been properly segregated using technical methods prior to testing.
3. Verification of sampling added
The last update in the Cyber Essentials Plus document is the verification of sampling addition. This emphasises the need for a representative sample of devices during testing and provides specific guidance on how to determine an appropriate sample size.
Why achieving Cyber Essentials status matters:
1. Rising cyber threats
Cyber-crime continues to grow in scale and sophistication, with attacks becoming more targeted and disruptive.
2. Compliance requirements
Adhering to cyber security best practices is no longer just good business sense; it is a legal and regulatory
3. Boosting business reputation
In a competitive market trust is a key differentiator. Clients and partners increasingly seek assurance that their data is handled securely.
4. Facilitating public sector contracts
Many UK government contracts require Cyber Essentials certification as a prerequisite.
Steps to achieve Cyber Essentials Certification in 2025:
Getting certified under the updated Cyber Essentials program involves several steps:
1. Assess your current cyber security measures
Begin by reviewing your organisation’s existing cyber security practices against the Cyber Essentials requirements. Identify gaps and areas for improvement.
2. Implement necessary changes
Address any identified weaknesses by implementing the required controls. This may involve updating software, configuring firewalls, deploying security patches, or formalising your incident response plan.
3. Complete the self-assessment questionnaire
The certification process starts with a self-assessment questionnaire (SAQ), which evaluates your compliance with the Cyber Essentials controls. The questionnaire must be submitted to an accredited certification body for review.
4. Undergo a technical audit (for Cyber Essentials Plus)
For organisations seeking the more advanced Cyber Essentials Plus certification, a technical audit is required. This involves a hands-on assessment of your IT systems by a qualified assessor to verify that the controls are implemented effectively.
5. Achieve certification
Once your application is approved, you will receive your Cyber Essentials certificate, which is valid for one year. To maintain certification, you’ll need to complete the process annually and keep up with any new updates to the framework.
techUK - Seizing the AI Opportunity
The UK is a global leader in AI innovation, development and adoption.
AI has the potential to boost UK GDP by £550 billion by 2035, making adoption an urgent economic priority. techUK and our members are committed to working with the Government to turn the AI Opportunities Action Plan into reality. Together we can ensure the UK seizes the opportunities presented by AI technology and continues to be a world leader in AI development.
Get involved: techUK runs a busy calendar of activities including events, reports, and insights to demonstrate some of the most significant AI opportunities for the UK. Our AI Hub is where you will find details of all upcoming activity. We also send a monthly AI newsletter which you can subscribe to here.
Upcoming AI events
AI Vision to Value: Delivering the UK's AI Opportunities Action Plan
Central London Conference
Latest news and insights
Subscribe to our AI newsletter
AI and Data Analytics updates
Sign-up to our monthly newsletter to get the latest updates and opportunities from our AI and Data Analytics Programme straight to your inbox.
Contact the team
Kir Nuthi
Kir Nuthi
Kir Nuthi is the Head of AI and Data at techUK.
She holds over seven years of Government Affairs and Tech Policy experience in the US and UK. Kir previously headed up the regulatory portfolio at a UK advocacy group for tech startups and held various public affairs in US tech policy. All involved policy research and campaigns on competition, artificial intelligence, access to data, and pro-innovation regulation.
Kir has an MSc in International Public Policy from University College London and a BA in both Political Science (International Relations) and Economics from the University of California San Diego.
Outside of techUK, you are likely to find her attempting studies at art galleries, attempting an elusive headstand at yoga, mending and binding books, or chasing her dog Maya around South London's many parks.
- Email:
- [email protected]
Usman Ikhlaq
Usman Ikhlaq
Usman joined techUK in January 2024 as Programme Manager for Artificial Intelligence.
He leads techUK’s AI Adoption programme, supporting members of all sizes and sectors in adopting AI at scale. His work involves identifying barriers to adoption, exploring solutions, and helping to unlock AI’s transformative potential, particularly its benefits for people, the economy, society, and the planet. He is also committed to advancing the UK’s AI sector and ensuring the UK remains a global leader in AI by working closely with techUK members, the UK Government, regulators, and devolved and local authorities.
Since joining techUK, Usman has delivered a regular drumbeat of activity to engage members and advance techUK's AI programme. This has included two campaign weeks, the creation of the AI Adoption Hub (now the AI Hub), the AI Leader's Event Series, the Putting AI into Action webinar series and the Industrial AI sprint campaign.
Before joining techUK, Usman worked as a policy, regulatory and government/public affairs professional in the advertising sector. He has also worked in sales, marketing, and FinTech.
Usman holds an MSc from the London School of Economics and Political Science (LSE), a GDL and LLB from BPP Law School, and a BA from Queen Mary University of London.
When he isn’t working, Usman enjoys spending time with his family and friends. He also has a keen interest in running, reading and travelling.
Sue Daley OBE
Sue Daley OBE
Sue leads techUK's Technology and Innovation work.
This includes work programmes on cloud, data protection, data analytics, AI, digital ethics, Digital Identity and Internet of Things as well as emerging and transformative technologies and innovation policy.
In 2025, Sue was honoured with an Order of the British Empire (OBE) for services to the Technology Industry in the New Year Honours List.
She has been recognised as one of the most influential people in UK tech by Computer Weekly's UKtech50 Longlist and in 2021 was inducted into the Computer Weekly Most Influential Women in UK Tech Hall of Fame.
A key influencer in driving forward the data agenda in the UK, Sue was co-chair of the UK government's National Data Strategy Forum until July 2024. As well as being recognised in the UK's Big Data 100 and the Global Top 100 Data Visionaries for 2020 Sue has also been shortlisted for the Milton Keynes Women Leaders Awards and was a judge for the Loebner Prize in AI. In addition to being a regular industry speaker on issues including AI ethics, data protection and cyber security, Sue was recently a judge for the UK Tech 50 and is a regular judge of the annual UK Cloud Awards.
Prior to joining techUK in January 2015 Sue was responsible for Symantec's Government Relations in the UK and Ireland. She has spoken at events including the UK-China Internet Forum in Beijing, UN IGF and European RSA on issues ranging from data usage and privacy, cloud computing and online child safety. Before joining Symantec, Sue was senior policy advisor at the Confederation of British Industry (CBI). Sue has an BA degree on History and American Studies from Leeds University and a Masters Degree on International Relations and Diplomacy from the University of Birmingham. Sue is a keen sportswoman and in 2016 achieved a lifelong ambition to swim the English Channel.
- Email:
- [email protected]
- Phone:
- 020 7331 2055
- Twitter:
- @ChannelSwimSue,@ChannelSwimSue
Visit our AI Hub - the home of all our AI content:
Authors
Shruti Chaudhary
Shruti Chaudhary is Associate Information Security Consultant at Littlefish, a UK-based, award-winning managed IT, cyber security, and Microsoft business solutions service provider.
