Yes, the Cyber Essentials Scheme was updated on 28 April 2025 to reflect the evolving nature of cyber threats (increasing adoption of cloud services) and our changing working practices, (particularly the trend towards home working and hybrid working).
With these changes, Cyber Essentials is placing greater emphasis on certain security controls, such as the use of multi-factor authentication, password management and the need to apply ‘critical’ or ‘high-risk’ software update fixes within 14 days of release.
URM has written a blog Cyber Essentials – What’s Changing in 2025? summarising all of the changes that were made to the scheme and addresses questions such as:
- What Were The Key Changes?
- What Changes Will I See When Completing The Questionnaire?
- Were Any Changes Made To Cyber Essentials Plus?

Supplementing Cyber Essentials
URM’s blog outlines the practical measures you can take following Cyber Essentials certification to further enhance your information & cyber security posture.

URM’s blog explores how Cyber Essentials can help your legal practice enhance its security posture and achieve/maintain its SQM or Lexcel accreditation.

URM’s blog answers key questions about CE, focusing specifically on its technical requirements, use of BYOD, and how the scheme may change in the future.

URM explains each control law firms must include in an information management and security policy that complies with the Lexcel Practice Management Standard.