The Cyber Essentials scheme sets out the basic technical controls which all organisations relying on the internet should have in place to prevent common online attacks. The scheme requires software running on computers and network devices to be kept up-to-date and have the latest security patches installed: this is designed to protect against known code vulnerabilities.
Although Cyber Essentials is intended to provide a good basic level of cyber security, it does not represent a full cyber risk management regime, which is something set out in the more comprehensive ‘10 Steps to Cyber Security’ guidance. As part of the regular reviews of all cyber security standards, the Government considers whether Cyber Essentials needs to be updated to reflect other risks. The value of Cyber Essentials lies in its simplicity and it is important to balance this against breadth and depth of controls.