Are You Ready for the Impending Cyber Essentials Changes?

As of April 27th 2026, there are important changes to Cyber Essentials which all organisations holding, or looking to achieve Cyber Essentials or Cyber Essentials Plus, must be aware of. These changes have come about to reflect what is being seen by IASME and the National Cyber Security Centre across real-world incidents, evolving cyber threats and feedback from assessments.

The current question set is being updated to tighten certain criteria and to help organisations become more robust in their cyber security, benefiting all parties. Updates include the following, as well as other changes:

To support customers with the new Cyber Essentials Plus requirements, Fortis Cyber® are aligning services to deliver ongoing compliance and assessment readiness designed to significantly reduce the risk of failure under the new, more rigorous standards.

We are enhancing our Cyber Essentials Plus capability with a structured readiness workflow in the months leading up to assessment, alongside improved visibility into your organisation’s compliance posture. This ensures you have a clear understanding of your readiness at every stage, enabling proactive remediation and a smoother, more effective certification process. This support is already included for customers who have signed up to the Fortis Cyber® Attack Mitigation Service. https://www.fortiscyber.co.uk/attack-mitigation-service

Get ahead of the new changes to reduce the risk of CE+ assessment failure and increase your cyber resilience. Contact us to review your current compliance position and put the right controls in place to achieve successful certification. For further information on the new requirements please check out the IASME article: https://iasme.co.uk/articles/important-update-changes-to-cyber-essentials-for-april-2026/