Cyber Essentials 2025: Upcoming changes

At Noble IT, we help businesses achieve and maintain Cyber Essentials and Cyber Essentials Plus certifications as part of our managed security services. As a Cyber Essentials provider, we want to inform you about the upcoming Cyber Essentials framework changes, set to take effect on April 28, 2025.

These updates refine key definitions and introduce new security expectations to keep businesses aligned with evolving cyber threats. If your organisation is already accredited or considering certification, here’s what you need to know.

Key Changes to Cyber Essentials in 2025

1. Updated Terminology

The Cyber Essentials framework is clarifying key definitions to ensure that guidance remains relevant and unambiguous:

• “Plugins” will be renamed “extensions,” covering browser add-ons, application integrations, and other software components.
• “Home working” will now be “home and remote working” – reflecting the modern hybrid work environment that includes working from cafes, co-working spaces, and other remote locations.

2. Passwordless Authentication Now Included

Cyber Essentials will officially recognise passwordless authentication methods to align with advancements in secure authentication. This includes:

• Biometric authentication (fingerprint, facial recognition, etc.).
• Security tokens (hardware keys such as YubiKeys).
• One-time passcodes delivered via secure apps.

These authentication measures provide stronger security than traditional passwords, reducing the risk of credential theft. If your organisation is considering moving towards a passwordless future, now is the time to start planning.

3. Broader Approach to Vulnerability Management

The requirement for applying security updates is expanding:

• The term “patches and updates” will be replaced with “vulnerability fixes”, covering not just traditional software patches but also configuration changes, registry adjustments, and security scripts.
• This ensures a more comprehensive approach to securing systems beyond installing vendor updates.

How This Affects Your Cyber Essentials Accreditation

If you are already Cyber Essentials accredited, you should review these changes to ensure compliance in future audits. If you’re considering accreditation, these updates highlight the increasing importance of strong authentication and proactive vulnerability management.

At Noble IT, we help businesses pass Cyber Essentials and maintain compliance practically and effectively. We can assist with:

• Gap analysis and remediation plans to align with the new requirements.
• Implementing passwordless authentication to future-proof your security.
• Managing updates and vulnerability fixes across your IT environment.

If you need help navigating these changes or ensuring your business is fully prepared, contact Noble IT today. Let’s ensure your cybersecurity remains resilient in 2025 and beyond.

📩 Want to get Cyber Essentials certified or renew your accreditation?

Get in touch with Noble IT today to discuss how we can support your compliance journey.