This year’s changes to Cyber Essentials

If you want an easy way to know that you’ve protected your business from cyberattacks, the UK government-backed Cyber Essentials scheme is it.

It’s also a great driver of business. Because if you want to get any lucrative government contracts or do business with many larger organisations, you will need to prove your business’s cybersecurity practices meet Cyber Essentials criteria.

But cybercrime threats aren’t static. And nor are measures like Cyber Essentials that are designed to protect against them.

In 2022, the Cyber Essentials scheme will undergo some big changes. Here is everything you need to know about them.

Is Cyber Essentials worth it for my business?

If you use IT as part of your daily business operations, making sure you’re as well protected as possible against cybercrime is definitely worthwhile.

Cyber Essentials covers all the most common types of cyberattacks that your systems or team might face. If you’ve ever worried about your business’s cybersecurity but haven’t been sure where to start, Cyber Essentials should probably be top of your list.

Why is Cyber Essentials changing?

The Cyber Essentials scheme was first launched back in 2014. Back then, it covered all the important bases. When it comes to technology these days though, seven years is a long time.

For instance, cloud services and hybrid working technologies and practices were effectively in their infancy back in 2014. They certainly weren’t used at anything like the level they are today.

That’s why the NCSC (the National Cyber Security Centre) and the accreditation body IASME have decided it’s well past time to update the Cyber Essentials scheme.

How will Cyber Essentials change in 2022?

Starting on 24th January 2022, new Cyber Essentials requirements will come into effect. The new rules are named “Evendine” and will include:

  1. An industry-wide change in pricing – the new measures mean there’s now quite a wide range in the time and complexity the measures require to implement depending on the size of an organisation. The NCSC and IASME feel this calls for more granularity in pricing structure.
  2. Measures aimed at cloud services – SaaS (Software as a Service), IaaS (Infrastructure as a Service), and PaaS (Platform as a Service) models will be included in Cyber Essentials assessments for the first time.
  3. Updates for other measures – existing measures relating to MFA (Multi-Factor Authentication), password management, security and others will be updated to reflect the modern cyber security landscape.

What do I need to do?

If you’ve already started the application process for Cyber Essentials and have yet to complete it by 24th January, you have six months to complete your assessment in line with the older criteria.

If you’re applying after that date, you need to meet the new Evendine criteria. You will get an extra year to update your practices to meet them, however.

If in any doubt, it’s worth getting in touch with your Managed Service Provider to make sure you’re still up-to-date.

If you’re yet to start protecting your organisation in line with Cyber Essentials criteria, the new changes in store in 2022 should give you all the excuse you need to act now.

Want to make sure your business is protected to Cyber Essentials standards?

Let’s talk. Dial A Geek is trusted by almost 1000 businesses in and around Bristol to make sure their cybersecurity does what they need it to do.

Arrange a cost and commitment-free consultation with Chief Geek Gildas Jones today. Let’s talk through how we’ll make sure yours does the same for you.