{"id":3272,"date":"2026-03-19T13:49:28","date_gmt":"2026-03-19T13:49:28","guid":{"rendered":"https:\/\/conscia.com\/uk\/?page_id=3272"},"modified":"2026-03-19T14:05:37","modified_gmt":"2026-03-19T14:05:37","slug":"cyber-essentials-is-changing-is-your-organisation-ready","status":"publish","type":"page","link":"https:\/\/conscia.com\/uk\/offerings\/cybersecurity\/cyber-essentials-is-changing-is-your-organisation-ready\/","title":{"rendered":"Cyber Essentials is changing \u2013 is your organisation ready?"},"content":{"rendered":"\n
\n\t
\n\t\t\t\t\t<\/div>\n\t\t
\n\t\t
\n\t\t\t
\n\t\t\t\t\n\n

Cyber Essentials is changing \u2013 is your organisation ready?<\/h1>\n\n\n\n
\n
Talk to an expert<\/a><\/div>\n<\/div>\n\n\n\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t<\/div>\n\t<\/section>\n\n\n\n
\"\"<\/figure>
\n

The annual update to Cyber Essentials applies to all assessments created after April 27th, 2026<\/strong>, and brings with it<\/em> a number of key changes in the way organisations are assessed. From MFA and patching requirements to updated<\/em> definitions and CE+ restrictions, find out what\u2019s changed ahead of your assessment.<\/em><\/p>\n<\/div><\/div>\n\n\n\n

\n

Key Changes<\/strong> in v3.3<\/strong><\/h3>\n\n\n\n
\n\t\n\n\n\t\t\t
\n\t\t\t<\/use><\/svg>\t\t<\/div>\n\t\t\t\t
Mandatory MFA on all cloud services – AUTOMATIC FAIL<\/h6>\n\t\t\t\t

While multi-factor authentication is already required by Cyber\r\nEssentials, the expectation has changed such that where cloud\r\nservices have MFA available \u2013 regardless of whether it is free,\r\nincluded, or a paid add-on \u2013 it must be implemented. Not\r\ndoing so will result in an automatic failure.<\/p>\n\t\t<\/a>\n\n\n\n\t\t\t

\n\t\t\t<\/use><\/svg>\t\t<\/div>\n\t\t\t\t
14-day patching now a requirement – AUTOMATIC FAIL<\/h6>\n\t\t\t\t

Critical and high-severity updates must now be applied within 14 days across your entire estate \u2013 including operating\r\nsystems, applications, and firewall firmware. This has changed\r\nfrom a guideline to an automatic failure if the criteria is not met.<\/p>\n\t\t<\/a>\n\n\n\n\t\t\t

\n\t\t\t\"\"\t\t<\/div>\n\t\t\t\t
Cloud services have been formally defined, and cannot be excluded<\/h6>\n\t\t\t\t

Any service accessed using a business email or account is now in scope by default, including free-tier SaaS tools. Cloud services\r\ncan no longer be excluded from the assessment scope.<\/p>\n\t\t<\/a>\n\n\n\n\t\t\t

\n\t\t\t\"\"\t\t<\/div>\n\t\t\t\t
Passwordless authentication recognised<\/h6>\n\t\t\t\t

The FIDO2 standard and passkeys are now recognised as valid \u2013\r\nand encouraged \u2013 authentication methods. Biometrics, hardware\r\ntokens, and authenticator apps are all explicitly supported.<\/p>\n\t\t<\/a>\n\n\n\n\t\t\t

\n\t\t\t<\/use><\/svg>\t\t<\/div>\n\t\t\t\t
Scoping must be defensible<\/h6>\n\t\t\t\t

All exclusions from scope must be technically justified with\r\nevidence of segregation. Legal entities must be listed, while\r\nambiguous terms like \u2018untrusted connections\u2019 have been removed.<\/p>\n\t\t<\/a>\n\n\n\n\t\t\t

\n\t\t\t\"\"\t\t<\/div>\n\t\t\t\t
These are just the headline changes<\/h6>\n\t\t\t\t

To find out more about what the new Cyber Essentials update means for your\r\norganisation, get in touch here<\/p>\n\t\t\t\t

\n\t\t\t
\n\t\t\t\t
Speak to an expert<\/div>\n\t\t\t<\/div>\n\t\t<\/div>\n\t<\/a>\n\n<\/section><\/div>\n\n\n\n
\n

Changes specific to Cyber Essentials Plus (CE+)<\/strong><\/h3>\n\n\n\n
\n\t\n\n\n\t\t\t\t
Mandatory MFA on all cloud services – AUTOMATIC FAIL<\/h6>\n\t\t\t\t

While multi-factor authentication is already required by Cyber\r\nEssentials, the expectation has changed such that where cloud\r\nservices have MFA available \u2013 regardless of whether it is free,\r\nincluded, or a paid add-on \u2013 it must be implemented. Not\r\ndoing so will result in an automatic failure.<\/p>\n\t\t<\/a>\n\n\n\n\t\t\t\t

14-day patching now a requirement – AUTOMATIC FAIL<\/h6>\n\t\t\t\t

Critical and high-severity updates must now be applied within 14 days across your entire estate \u2013 including operating\r\nsystems, applications, and firewall firmware. This has changed\r\nfrom a guideline to an automatic failure if the criteria is not met.<\/p>\n\t\t<\/a>\n\n\n\n\t\t\t\t

Cloud services have been formally defined, and cannot be excluded<\/h6>\n\t\t\t\t

Any service accessed using a business email or account is now in scope by default, including free-tier SaaS tools. Cloud services\r\ncan no longer be excluded from the assessment scope.<\/p>\n\t\t<\/a>\n\n<\/section><\/div>\n\n\n\n

\n

How we can help<\/strong><\/h3>\n\n\n\n
\"\"<\/figure>
\n

Cyber Essentials assessment and advisory<\/strong><\/em><\/h4>\n\n\n\n

Our in-house experts have helped over 100 clients<\/em> successfully pass their Cyber Essentials certification.<\/em> We assess your environment against the latest<\/em> changes; identify gaps in MFA, patching, and scope;<\/em> and provide clear remediation guidance \u2013 so you can<\/em> certify without costly delays or resubmissions.<\/em><\/p>\n\n\n\n

\n
Find out more<\/a><\/div>\n<\/div>\n<\/div><\/div>\n\n\n\n
\n

Managed Detection & Response <\/strong><\/em><\/h4>\n\n\n\n

Our 24\/7 MDR service provides continuous visibility of your vulnerability posture \u2013 addressing one of the biggest challenges in CE v3.3. We provide authenticated vulnerability scanning, real-time monitoring of patch status, and rapid threat containment. Our managed exposure analytics prioritise vulnerabilities by asset sensitivity and current threat intelligence, helping you meet the 14-day patch requirement across your entire estate \u2013 not just assessed devices.<\/p>\n\n\n\n

\n
Find out more<\/a><\/div>\n<\/div>\n<\/div>
\"\"<\/figure><\/div>\n\n\n\n
\"\"<\/figure>
\n

MFA & identity readiness<\/strong><\/em><\/h4>\n\n\n\n

Our team can audit every cloud service in use across your organisation, map MFA availability, and guide enforcement \u2013 including Microsoft 365, Entra ID, and shadow IT services. We help you move from discovery to compliance ahead of your assessment date, and can advise on adoption of passwordless authentication aligned to the new NCSC guidance.<\/p>\n\n\n\n

\n
Get in touch<\/a><\/div>\n<\/div>\n<\/div><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

The annual update to Cyber Essentials applies to all assessments created after April 27th, 2026, and brings with it a number of key changes in the way organisations are assessed. From MFA and patching requirements to updated definitions and CE+ restrictions, find out what\u2019s changed ahead of your assessment. Key Changes in v3.3 Changes specific […]<\/p>\n","protected":false},"author":8,"featured_media":0,"parent":681,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"global_solutions":[],"global_partners":[],"global_industries":[],"global_business_outcome":[],"global_types":[],"class_list":["post-3272","page","type-page","status-publish","hentry"],"acf":[],"yoast_head":"\nCyber Essentials is changing \u2013 is your organisation ready? - Conscia UK<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/conscia.com\/uk\/offerings\/cybersecurity\/cyber-essentials-is-changing-is-your-organisation-ready\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cyber Essentials is changing \u2013 is your organisation ready?\" \/>\n<meta property=\"og:description\" content=\"The annual update to Cyber Essentials applies to all assessments created after April 27th, 2026, and brings with it a number of key changes in the way organisations are assessed. From MFA and patching requirements to updated definitions and CE+ restrictions, find out what\u2019s changed ahead of your assessment. Key Changes in v3.3 Changes specific […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/conscia.com\/uk\/offerings\/cybersecurity\/cyber-essentials-is-changing-is-your-organisation-ready\/\" \/>\n<meta property=\"og:site_name\" content=\"Conscia UK\" \/>\n<meta property=\"article:modified_time\" content=\"2026-03-19T14:05:37+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/conscia.com\/uk\/wp-content\/uploads\/2025\/06\/Cyber-Essentials-isnt-one-size-fits-all-image.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1600\" \/>\n\t<meta property=\"og:image:height\" content=\"904\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/conscia.com\/uk\/offerings\/cybersecurity\/cyber-essentials-is-changing-is-your-organisation-ready\/\",\"url\":\"https:\/\/conscia.com\/uk\/offerings\/cybersecurity\/cyber-essentials-is-changing-is-your-organisation-ready\/\",\"name\":\"Cyber Essentials is changing \u2013 is your organisation ready? - Conscia UK\",\"isPartOf\":{\"@id\":\"https:\/\/conscia.com\/uk\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/conscia.com\/uk\/offerings\/cybersecurity\/cyber-essentials-is-changing-is-your-organisation-ready\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/conscia.com\/uk\/offerings\/cybersecurity\/cyber-essentials-is-changing-is-your-organisation-ready\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/conscia.com\/uk\/wp-content\/uploads\/2025\/06\/Cyber-Essentials-isnt-one-size-fits-all-image-1024x579.jpg\",\"datePublished\":\"2026-03-19T13:49:28+00:00\",\"dateModified\":\"2026-03-19T14:05:37+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/conscia.com\/uk\/offerings\/cybersecurity\/cyber-essentials-is-changing-is-your-organisation-ready\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/conscia.com\/uk\/offerings\/cybersecurity\/cyber-essentials-is-changing-is-your-organisation-ready\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/conscia.com\/uk\/offerings\/cybersecurity\/cyber-essentials-is-changing-is-your-organisation-ready\/#primaryimage\",\"url\":\"https:\/\/conscia.com\/uk\/wp-content\/uploads\/2025\/06\/Cyber-Essentials-isnt-one-size-fits-all-image.jpg\",\"contentUrl\":\"https:\/\/conscia.com\/uk\/wp-content\/uploads\/2025\/06\/Cyber-Essentials-isnt-one-size-fits-all-image.jpg\",\"width\":1600,\"height\":904},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/conscia.com\/uk\/offerings\/cybersecurity\/cyber-essentials-is-changing-is-your-organisation-ready\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/conscia.com\/uk\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Offerings\",\"item\":\"https:\/\/conscia.com\/uk\/offerings\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Cyber security\",\"item\":\"https:\/\/conscia.com\/uk\/offerings\/cybersecurity\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Cyber Essentials is changing \u2013 is your organisation ready?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/conscia.com\/uk\/#website\",\"url\":\"https:\/\/conscia.com\/uk\/\",\"name\":\"Conscia UK\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/conscia.com\/uk\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/conscia.com\/uk\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/conscia.com\/uk\/#organization\",\"name\":\"Conscia UK\",\"url\":\"https:\/\/conscia.com\/uk\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/conscia.com\/uk\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/conscia.com\/uk\/wp-content\/uploads\/2026\/03\/symbol-white-on-burgundy-large-1.png\",\"contentUrl\":\"https:\/\/conscia.com\/uk\/wp-content\/uploads\/2026\/03\/symbol-white-on-burgundy-large-1.png\",\"width\":628,\"height\":628,\"caption\":\"Conscia UK\"},\"image\":{\"@id\":\"https:\/\/conscia.com\/uk\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.linkedin.com\/company\/itglconscia-uk\/\"]}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Cyber Essentials is changing \u2013 is your organisation ready? - Conscia UK","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/conscia.com\/uk\/offerings\/cybersecurity\/cyber-essentials-is-changing-is-your-organisation-ready\/","og_locale":"en_GB","og_type":"article","og_title":"Cyber Essentials is changing \u2013 is your organisation ready?","og_description":"The annual update to Cyber Essentials applies to all assessments created after April 27th, 2026, and brings with it a number of key changes in the way organisations are assessed. From MFA and patching requirements to updated definitions and CE+ restrictions, find out what\u2019s changed ahead of your assessment. Key Changes in v3.3 Changes specific […]","og_url":"https:\/\/conscia.com\/uk\/offerings\/cybersecurity\/cyber-essentials-is-changing-is-your-organisation-ready\/","og_site_name":"Conscia UK","article_modified_time":"2026-03-19T14:05:37+00:00","og_image":[{"width":1600,"height":904,"url":"https:\/\/conscia.com\/uk\/wp-content\/uploads\/2025\/06\/Cyber-Essentials-isnt-one-size-fits-all-image.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/conscia.com\/uk\/offerings\/cybersecurity\/cyber-essentials-is-changing-is-your-organisation-ready\/","url":"https:\/\/conscia.com\/uk\/offerings\/cybersecurity\/cyber-essentials-is-changing-is-your-organisation-ready\/","name":"Cyber Essentials is changing \u2013 is your organisation ready? - Conscia UK","isPartOf":{"@id":"https:\/\/conscia.com\/uk\/#website"},"primaryImageOfPage":{"@id":"https:\/\/conscia.com\/uk\/offerings\/cybersecurity\/cyber-essentials-is-changing-is-your-organisation-ready\/#primaryimage"},"image":{"@id":"https:\/\/conscia.com\/uk\/offerings\/cybersecurity\/cyber-essentials-is-changing-is-your-organisation-ready\/#primaryimage"},"thumbnailUrl":"https:\/\/conscia.com\/uk\/wp-content\/uploads\/2025\/06\/Cyber-Essentials-isnt-one-size-fits-all-image-1024x579.jpg","datePublished":"2026-03-19T13:49:28+00:00","dateModified":"2026-03-19T14:05:37+00:00","breadcrumb":{"@id":"https:\/\/conscia.com\/uk\/offerings\/cybersecurity\/cyber-essentials-is-changing-is-your-organisation-ready\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/conscia.com\/uk\/offerings\/cybersecurity\/cyber-essentials-is-changing-is-your-organisation-ready\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/conscia.com\/uk\/offerings\/cybersecurity\/cyber-essentials-is-changing-is-your-organisation-ready\/#primaryimage","url":"https:\/\/conscia.com\/uk\/wp-content\/uploads\/2025\/06\/Cyber-Essentials-isnt-one-size-fits-all-image.jpg","contentUrl":"https:\/\/conscia.com\/uk\/wp-content\/uploads\/2025\/06\/Cyber-Essentials-isnt-one-size-fits-all-image.jpg","width":1600,"height":904},{"@type":"BreadcrumbList","@id":"https:\/\/conscia.com\/uk\/offerings\/cybersecurity\/cyber-essentials-is-changing-is-your-organisation-ready\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/conscia.com\/uk\/"},{"@type":"ListItem","position":2,"name":"Offerings","item":"https:\/\/conscia.com\/uk\/offerings\/"},{"@type":"ListItem","position":3,"name":"Cyber security","item":"https:\/\/conscia.com\/uk\/offerings\/cybersecurity\/"},{"@type":"ListItem","position":4,"name":"Cyber Essentials is changing \u2013 is your organisation ready?"}]},{"@type":"WebSite","@id":"https:\/\/conscia.com\/uk\/#website","url":"https:\/\/conscia.com\/uk\/","name":"Conscia UK","description":"","publisher":{"@id":"https:\/\/conscia.com\/uk\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/conscia.com\/uk\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https:\/\/conscia.com\/uk\/#organization","name":"Conscia UK","url":"https:\/\/conscia.com\/uk\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/conscia.com\/uk\/#\/schema\/logo\/image\/","url":"https:\/\/conscia.com\/uk\/wp-content\/uploads\/2026\/03\/symbol-white-on-burgundy-large-1.png","contentUrl":"https:\/\/conscia.com\/uk\/wp-content\/uploads\/2026\/03\/symbol-white-on-burgundy-large-1.png","width":628,"height":628,"caption":"Conscia UK"},"image":{"@id":"https:\/\/conscia.com\/uk\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.linkedin.com\/company\/itglconscia-uk\/"]}]}},"_links":{"self":[{"href":"https:\/\/conscia.com\/uk\/wp-json\/wp\/v2\/pages\/3272","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/conscia.com\/uk\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/conscia.com\/uk\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/conscia.com\/uk\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/conscia.com\/uk\/wp-json\/wp\/v2\/comments?post=3272"}],"version-history":[{"count":10,"href":"https:\/\/conscia.com\/uk\/wp-json\/wp\/v2\/pages\/3272\/revisions"}],"predecessor-version":[{"id":3303,"href":"https:\/\/conscia.com\/uk\/wp-json\/wp\/v2\/pages\/3272\/revisions\/3303"}],"up":[{"embeddable":true,"href":"https:\/\/conscia.com\/uk\/wp-json\/wp\/v2\/pages\/681"}],"wp:attachment":[{"href":"https:\/\/conscia.com\/uk\/wp-json\/wp\/v2\/media?parent=3272"}],"wp:term":[{"taxonomy":"global_solutions","embeddable":true,"href":"https:\/\/conscia.com\/uk\/wp-json\/wp\/v2\/global_solutions?post=3272"},{"taxonomy":"global_partners","embeddable":true,"href":"https:\/\/conscia.com\/uk\/wp-json\/wp\/v2\/global_partners?post=3272"},{"taxonomy":"global_industries","embeddable":true,"href":"https:\/\/conscia.com\/uk\/wp-json\/wp\/v2\/global_industries?post=3272"},{"taxonomy":"global_business_outcome","embeddable":true,"href":"https:\/\/conscia.com\/uk\/wp-json\/wp\/v2\/global_business_outcome?post=3272"},{"taxonomy":"global_types","embeddable":true,"href":"https:\/\/conscia.com\/uk\/wp-json\/wp\/v2\/global_types?post=3272"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}