
What Are The Changes to Cyber Essentials in April 2025?

Author: Craig Pepper

In April 2025 there will be changes to Cyber Essentials and Cyber Essentials Plus. Here's what you need to know.

What’s Changing in Cyber Essentials in April 2025?

The upcoming April 2025 update, Version 3.2, introduces minor refinements primarily focused on terminology. Here’s a breakdown of what’s new:

A Focus on Passwordless Authentication

Periculo knows that passwords are a weak link in cybersecurity. The growing shift towards passwordless authentication reflects the need for stronger, more reliable forms of identity verification. Passwords, while easy to use, are susceptible to being reused, forgotten, or hacked. Cyber Essentials addressed this vulnerability in 2022 by requiring multi-factor authentication (MFA) for all internet-facing accounts.

The 2025 update goes further by formally recognising passwordless technology, which eliminates passwords entirely. These solutions use multiple forms of authentication, including digital certificates, cryptographic techniques, or biometric verification combined with app-generated codes. Cyber Essentials now defines passwordless authentication as “an authentication method that uses a factor other than user knowledge to establish identity.”

Examples of passwordless methods that we recommend to our clients include:

Passwordless technology significantly reduces the risks associated with traditional passwords and supports a more secure user experience.

Enhanced Focus on Vulnerability Fixes

With the April 2025 update, Cyber Essentials has shifted from ‘patches and updates’ to a broader ‘vulnerability fixes’ term within its security update management section. This update clarifies that there are multiple ways to resolve software vulnerabilities, and the fix may come in various forms beyond standard patches, including registry tweaks, configuration changes, or vendor-provided scripts.

For Periculo clients, here’s what this update means: under the term ‘vulnerability fixes’, you’ll have flexibility in how your organisation addresses vulnerabilities, as long as fixes are vendor-approved. By covering every type of remediation, this change helps you achieve compliance and stay secure against new threats.

Updates to the Cyber Essentials Plus Test Specification Document

The Cyber Essentials Plus Test Specification document, designed for assessors performing Cyber Essentials Plus evaluations, will see several key changes that affect clients undergoing this assessment:

These updates ensure that Cyber Essentials Plus assessments remain rigorous and consistent, providing you with an objective validation of your cybersecurity controls.

How Periculo Can Help

Navigating these updates doesn’t have to be a challenge. At Periculo, we’re here to ensure that you’re always a step ahead in cybersecurity. Our team can guide you through the new requirements, help implement passwordless authentication solutions, streamline your vulnerability management processes, and support you in achieving and maintaining Cyber Essentials Plus certification.

Want to stay secure and compliant in 2025? Contact Periculo today to find out how we can help your organisation adapt to the latest Cyber Essentials requirements and continue protecting what matters most.
