Cyber Essentials Achieves Record Quarterly Milestone in Certifications

The UK government’s flagship cyber-resilience initiative has reached a significant milestone, with quarterly certifications for the Cyber Essentials scheme surpassing the 10,000 mark for the first time. This achievement, however, is accompanied by concerns about the overall adoption rates, which remain relatively low.

Cyber Essentials provides a framework of best practice controls aimed at helping UK organizations mitigate approximately 80% of common digital threats. In the first quarter of 2025, a total of 10,064 certifications for the standard version were issued, contributing to a yearly total of 37,309. In contrast, the Cyber Essentials Plus version, which encompasses a more advanced level of security through independent auditing, recorded only 3,273 certifications in the same quarter and 11,959 for the year.

The standard Cyber Essentials framework emphasizes five key areas:

1. Firewalls and routers
2. Security updates
3. Access controls
4. Malware protection
5. Secure configuration

Achieving certification at this level requires only a self-assessment, whereas the Cyber Essentials Plus necessitates an independent technical audit to verify the effective implementation of security controls.

Andy Kays, CEO of a UK-based managed detection and response provider, acknowledged the progress but expressed concern regarding the low uptake of the scheme, notably that less than 1% of businesses are certified. Among companies with over 250 employees, only a quarter hold the certification. Kays noted, “This is concerning, considering the certification covers a level of cyber hygiene that all businesses should already be following. While compliance processes may seem burdensome, maintaining a basic standard of cyber hygiene should facilitate the achievement of Cyber Essentials certification.”

He underscored the importance of the certification in the context of increasing high-profile security breaches, stating that Cyber Essentials represents a crucial opportunity for organizations to demonstrate their commitment to cybersecurity to customers, partners, and suppliers. This foundation could also support the implementation of more proactive security measures.

Further data from the government presents a concerning picture regarding awareness of the Cyber Essentials scheme. The Cybersecurity Breaches Survey 2025 indicated that awareness stood at just 12% among businesses, a decline from 16% in the previous year. Furthermore, only 3% of all UK businesses and 21% of larger firms are accredited.

Gaps in Cyber Explorers Scheme

In another area, the Cyber Explorers Scheme aimed at enhancing students’ awareness of cybersecurity, reported 119,843 registrations for the year ending March 31, 2025. This total includes approximately 32% female and 36% male participants. However, the data revealed significant disparities, with nearly 100 parliamentary constituencies lacking enrolled students and the five most deprived areas collectively accounting for only 32% of registrations.

Kays emphasized the necessity of creating clear pathways to cyber careers, highlighting the importance of cultivating interest in cybersecurity from a young age to address persistent industry skills shortages. He concluded, “Cybersecurity is an exciting and diverse field that could attract many young people if presented as a viable career option. We cannot allow regional disparities to persist in this crucial domain.”