Cyber Essentials is a UK government-backed scheme that helps businesses protect themselves from common cyber threats. It provides a framework for organizations to implement basic cybersecurity measures to safeguard their IT systems, data, and networks. In April 2023, the Cyber Essentials technical requirements will be updated to ensure that businesses remain protected from the evolving cyber threat landscape.
The new Cyber Essentials technical requirements will include several updates and enhancements to the existing controls. One of the main changes is the introduction of a new control category focused on remote working. With the rise of remote working due to the COVID-19 pandemic, it is essential for businesses to ensure that their remote workers are adequately protected. The new control category will cover areas such as secure remote access, secure communications, and secure devices.
Another key change in the updated Cyber Essentials technical requirements is the inclusion of controls to address supply chain risks. Supply chain attacks have become a significant threat in recent years, with cybercriminals targeting businesses through their third-party suppliers and vendors. The new controls will help businesses identify and manage supply chain risks, including assessing the cybersecurity practices of suppliers, managing access rights, and monitoring supplier activity.
The updated Cyber Essentials technical requirements will also include new controls to address emerging technologies such as the Internet of Things (IoT), cloud computing, and artificial intelligence (AI). These technologies are becoming increasingly prevalent in business environments, and it is essential for businesses to understand and manage the associated risks. The new controls will cover areas such as device management, data protection, and vulnerability management.
In addition to these changes, the updated Cyber Essentials technical requirements will also include enhancements to the existing controls. For example, the control on user access management will be expanded to include multi-factor authentication and password policies. The control on patch management will be updated to include regular vulnerability scanning and prioritization of patches based on risk.
Overall, the updated Cyber Essentials technical requirements will provide businesses with a more comprehensive framework for managing cybersecurity risks. By addressing emerging threats, such as supply chain attacks and remote working, and enhancing the existing controls, businesses will be better equipped to protect themselves against cyber threats. The updated requirements will also help businesses to remain compliant with the latest data protection regulations, such as the General Data Protection Regulation (GDPR).
In conclusion, the updated Cyber Essentials technical requirements represent a significant step forward in the UK’s efforts to improve cybersecurity. By providing businesses with a more comprehensive framework for managing cyber risks, the updated requirements will help to ensure that businesses are protected against the evolving threat landscape. With cyber threats becoming increasingly sophisticated and prevalent, it is essential for businesses to take proactive measures to safeguard their IT systems, data, and networks. The Cyber Essentials scheme is an important tool for achieving this goal, and the updated technical requirements will make it even more effective.

