Cyber Essentials April 2023 Update


About the Cyber Essentials April 2023 Update

On 24th January 2022, an updated set of requirements for the Cyber Essentials certification scheme came into effect. Those were major changes to the scheme; in fact, they were the largest since the scheme’s inception in 2014.

The April 2023 changes are a “light touch” update and largely focus on a series of clarifications, but they also include important new guidance.

Why are the 2022 and 2023 changes needed?

The changes are a direct response to the dramatic shift over the past 3 years in how we work. High levels of home and hybrid working and the increasing adoption of cloud services have left companies more vulnerable to cyber security threats. The changes to the Cyber Essentials scheme have been introduced to counter this risk.

What do I need to do…

I’m thinking about starting a Cyber Essentials assessment? Any application will need to apply the updated requirements introduced in January 2022. Please note, the grace period of up to 12 months that was due to end in January 2023 on select requirements (to reflect extra effort that may be needed for some organisations) has been extended to 24th April 2023. Any application started on or after 24th April 2023 will need to use the new requirements taking effect in April and also those select requirements which are no longer covered by the grace period.

I am already Cyber Essentials certified? For those who are already certified, your certification will remain valid. When you come to renew your certification, however, you will need to be assessed against the updated requirements.

Is it worth it?

Of course, the updated requirements to the Cyber Essentials scheme will likely make certification harder to achieve. Despite this, a company should not be deterred from taking steps towards certification. In practical terms, your company will be more cyber-secure and show a clear commitment to cyber security to your existing, and potential, customers. In cost terms, the Cyber Essentials application is a valuable accreditation that could be significantly cheaper than the effects of a successful security breach of your network.


Cyber Essentials Scheme & IASME Governance

Cyber Essentials is a government-backed, industry-supported scheme designed by the NCSC to help protect organisations against common cyber-attacks. Cyber Essentials was developed as a simple prescriptive formula based on evidence of the attacks. By design the scheme addresses the most common Internet-based threats to cyber security — particularly, attacks that use widely available tools and demand little skill, including hacking, phishing and password guessing.

The NCSC advertises Cyber Essentials as suitable for any size of organisation and in our experience it should be considered alongside ISO 27001, PCI DSS and the NIST Cyber Security Framework as cyber security compliance standards to protect your organisation. The UK government often requires its suppliers to achieve Cyber Essentials and it is recommended by the Information Commissioner’s Office (“ICO”); those who process NHS patient data will benefit from achieving Cyber Essentials Plus before they complete the NHS’s Data Security and Protection Toolkit.

We evaluate and refine the five controls which protect against the most common enterprise attacks: access and privilege management, network configurations, patch management, malware protection, and perimeter security.

PrimoConnect makes it easy for companies looking to gain Cyber Essentials self-assessment and Cyber Essentials Plus accreditation. We work closely with organisations to understand their individual challenges and concerns to provide recommendations and guidance to achieve certification.

IASME Governance
The Information Assurance for Small to Medium-sized Enterprises (IASME) Governance Standard is a structured way for an organisation to implement and improve the way it secures information and offers assurance to the government, regulators, customers and vendors regarding its posture. The IASME Governance Standard is designed to guide the SME where needed and then assess their level of maturity.

Cyber Essentials is an integral part of IASME Governance, which helps to protect organisations against common cyber-attacks.

Cyber Essentials
This is a foundation-level certification specifically designed to provide a self-assessment of the basic controls an organisation requires to mitigate risk from different common cyber threats.

Cyber Essentials Plus
Cyber Essentials Plus involves both internal and external tests of your network and computers. It will involve a visit to your site and provides more assurance that you are complying with the Cyber Essentials Scheme than the basic self-assessment level.