The 2022 Cyber Essentials Update – what does your business need to know?

Cyber Essentials and Cyber Essentials Plus were first introduced in 2015, developed purely for the UK as a certification scheme to demonstrate that an organisation has a minimum level of protection in cyber security. This protection is regularly proven through annual assessments in order to maintain certifications. The scheme is backed by the UK government and overseen by the National Cyber Security Centre.

In December 2021 NCSC.Gov and IASME announced that after 7 years, Cyber Essentials and Cyber Essentials Plus accreditations set of requirements were undergoing changes, what where they, and how will they impact your business?

Many thousands of businesses in the UK are already Cyber Essentials certified, back in 2019, there were over 30,000 certified companies, but now, following recent global events, this number will be much higher.

The cyber security challenges that businesses are now facing required a pragmatic update to the Cyber Essentials requirements.  Many of the new controls have been influenced to ensure businesses are better protected for their digital transformations. The changes have also been implemented to protect them for the huge move to cloud services due to the increase in remote working and the use of apps.

Since Cyber Essentials initial release, cyber criminals have been continuously adapting and evolving, the 2022 Cyber Essentials update delivers better protection protocols and processes for businesses. The most noteworthy update to the scheme is the change from yearly technical reviews on each certified business, to more regular checks on technical controls.

The modernisation to the scheme is, in the opinion of some cyber security experts, long overdue. Cyber criminals and their attacks have continuously developed, and the scheme had, until this point, not kept up with the new challenges. These new measures and controls should ensure that businesses are better protected, and gaining a certification will provide reassurance to customers, staff, investors, and business owners.

Officially released on the 24th January 2022, The NCSC and IASME have confirmed that these new updates will assist businesses and organisations to maintain basic cyber hygiene. We do need to reiterate that despite being a recognised and respected certification of certified cyber hygiene, gaining Cyber Essentials is only the basic  level of cyber hygiene. Cyber Essentials is your starting point to better cyber security, it’s a recognised, monitored certification, but, truth be told, your business will still need additional cyber security measures and processes in place.

The Cloud and More cyber security experts are official Cyber Essentials partners, we can help businesses to achieve their Cyber Essentials and Cyber Essentials Plus certifications.

If you’re looking to gain your Cyber Essentials, review your current cyber security measures or learn more about attaining Cyber Essentials and the benefits it brings, we can help. At Cloud and More we also offer a free Cyber Security audit, ensuring you can gain, in advance, an idea of the status of your cyber resilience, feel free to enquire now.


If you’d like to learn more about Cloud and More, and how we could better support your business, we’re more than happy to help. Feel free to get in touch .

You’re also more than welcome to book a no-obligation meeting, simply click below to book a time that best suits you.


Business IT Support: The Ultimate Guide

Business IT Support: The Ultimate Guide

With more businesses transitioning services to the cloud, equipping remote workers and undertaking digital transformation, the reasons to call on the services of an external IT support partner are obvious. As IT estates grow and become more complex, organisations are...

read more