Yes, the Cyber Essentials Scheme was updated on 28 April 2025 to reflect the evolving nature of cyber threats (increasing adoption of cloud services) and our changing working practices, (particularly the trend towards home working and hybrid working).
With these changes, Cyber Essentials is placing greater emphasis on certain security controls, such as the use of multi-factor authentication, password management and the need to apply ‘critical’ or ‘high-risk’ software update fixes within 14 days of release.
URM has written a blog Cyber Essentials – What’s Changing in 2025? summarising all of the changes that were made to the scheme and addresses questions such as:
- What Were The Key Changes?
- What Changes Will I See When Completing The Questionnaire?
- Were Any Changes Made To Cyber Essentials Plus?

Lexcel: Deconstructing Your Information Management and Security Policy
URM explains each control law firms must include in an information management and security policy that complies with the Lexcel Practice Management Standard.

URM’s blog explores how Cyber Essentials can help your legal practice enhance its security posture and achieve/maintain its SQM or Lexcel accreditation.

URM’s blog answers key technical questions about Cyber Essentials and Cyber Essentials Plus, what’s in scope, CE compliant use of BYOD, and more.

URM’s blog highlights the growing threat to cyber security in the UK and the importance of the Cyber Essentials scheme in mitigating these risks.