Site icon O'Brien Media Website Design & Support

Upcoming Changes to the Cyber Essentials Scheme

Login into account in email envelope and fishing hook

Login into account in email envelope and fishing hook. Internet phishing, hacked login and password. Netwrok and internet security. Anti virus, spyware, malware. Vector illustration in flat style

The Cyber Essentials scheme is an essential part of the UK’s efforts to protect against cyber-attacks. It provides businesses of all sizes with a framework of security controls that they can implement to reduce the risk of a cyber breach. On 23rd January 2023, the National Cyber Security Centre (NCSC) published an updated set of requirements for the Cyber Essentials scheme, version 3.1, which will come into force on 24th April 2023.

The new requirements, known as the ‘Montpellier question set’, will replace the Evendine version that was in place in the previous year. The changes are designed to reflect the evolving threat landscape and ensure that the Cyber Essentials scheme remains relevant and effective in the face of new and emerging threats.

So, what are the key changes that businesses need to be aware of?

One of the most significant changes is the introduction of new requirements around supply chain security. This reflects the fact that many cyber-attacks are now initiated through third-party suppliers, rather than through a direct attack on the target business. The new requirements will mean that businesses need to ensure that their supply chain partners are also adhering to Cyber Essentials principles.

Another notable change is the requirement for businesses to demonstrate that they have an incident response plan in place. This means that they need to have a clear and documented process for responding to a cyber-attack, including who is responsible for what, and how they will communicate with key stakeholders.

The new requirements also include more stringent controls around password management, as well as additional guidance on patching and software updates.

Overall, the changes to the Cyber Essentials scheme are designed to ensure that businesses are better protected against the evolving threat landscape. By implementing the new requirements, businesses can reduce their risk of a cyber-attack and demonstrate to customers and stakeholders that they take cyber security seriously. With the Montpellier question set coming into force on 24th April 2023, businesses should start preparing now to ensure that they are ready to meet the new requirements.

In addition to the changes mentioned above, there are several other updates that businesses should be aware of.

These include:

It’s worth noting that while the changes to the Cyber Essentials scheme are designed to improve security, they are not a guarantee against cyber-attacks. Businesses should view the scheme as a baseline set of controls that they can implement to reduce their risk, but they should also consider additional measures to further strengthen their security.

The changes to the Cyber Essentials scheme represent a crucial step in ensuring that businesses are better protected against cyber-attacks. By implementing the new requirements, businesses can demonstrate that they take cyber security seriously and are taking steps to reduce their risk. With the new requirements coming into force on 24th April 2023, businesses should start preparing now to ensure that they are ready to meet the new standards.

Exit mobile version