Cyber Essentials – 2025 changes to the scheme

In 2025, Cyber Essentials will transition to the Willow question set and update the requirements for remote working, passwordless authentication, vulnerability fixes, and beyond. If your organisation wants to maintain compliance and best practices under the new guidelines, it’s crucial to understand these changes – before they take effect.

Our expert guidance on the Cyber Essentials - 2025 changes to the scheme walks you through exactly what’s new and what you need to do to stay protected and certified.

Key takeaways

• Willow question set – Learn how assessments made on or after 28 April will require the new question set.
• Remote working requirements – Understand how to address risks for employees connecting from outside the office.
• Passwordless authentication – Discover how biometric data, tokens, and push notifications fit into Cyber Essentials.
• Vulnerability fixes – See why patching alone isn’t enough and what “fixes” now include.
• Random sampling – Get clarity on the assessor’s new approach for device sampling and why it matters.

Who does this guidance help?

• Organisations preparing for Cyber Essentials recertification
• Businesses seeking to align their security strategies with the latest updates
• Anyone responsible for IT, compliance, or governance

Why download now?

• Save time: Get a concise overview of what’s changing.
• Stay compliant: Avoid surprises when your next assessment date arrives.
• Strengthen security: Understand new best practices for remote work, passwordless logins, and vulnerability management.

Don’t wait for the changes to catch you unprepared.

Stay one step ahead – download now.