The UK’s Cyber Essentials scheme is entering a new phase as fresh updates take effect.

Cyber Essentials version 3.3, known as ‘Danzell', strengthens the focus on consistency, evidence and real-world implementation, reflecting a shift away from self-declared compliance towards demonstrable resilience.

The changes, led by the National Cyber Security Centre, include stricter requirements for multi-factor authentication across critical systems, and tighter Cyber Essentials Plus audits focused on patching and remediation.

Commenting on the changes, Paul Colwell, CISO at Wavenet, said: "The focus is moving away from what organisations say they’re doing and towards what they can prove. That's a positive development for the industry because it strengthens confidence in the certification and helps ensure it remains a meaningful benchmark for cyber resilience."

Wavenet said the revisions address gaps between perceived and actual cyber readiness while reinforcing the importance of consistent basic controls.

"Multi-factor authentication is one of the simplest and most effective security controls available to organisations today," Colwell added. "The updated requirements recognise that there is no longer any justification for applying it inconsistently across critical services and privileged accounts."

With more than 41,000 Cyber Essentials and 13,000 Cyber Essentials Plus certifications in place, the government-backed standard aims to be a key cyber security benchmark in the UK.

---