The UK government’s flagship cyber-resilience scheme received a boost late last week with new figures revealing quarterly certifications had surpassed the 10,000 milestone for the first time, although overall take up remains low.
Cyber Essentials provides a framework of best practice controls for UK organizations which, the government claims, can help them to mitigate around 80% of the most common digital threats.
According to the government, the number of issued certifications for the standard version hit 10,064 in the period January to March 2025 – bringing the total for the year to 37,309. However, the figures for the slightly more advanced Cyber Essentials Plus were just 3273 for the quarter and 11,959 for the year.
Requiring just a self-assessment, the standard level of Cyber Essentials focuses on five core areas:
- firewalls and routers
- security updates
- access controls
- malware protection
- secure configuration
The Cyber Essentials Plus version focuses on similar areas but demands an independent technical audit to ensure the controls are correctly implemented.
Read more on Cyber Essentials: UK Cyber Essentials Certification Numbers Falling Short
Andy Kays, CEO of UK-based managed detection and response (MDR) provider Socura, argued that although progress is to be celebrated, uptake of the scheme is still confined to less than one in 100 businesses – only a quarter of firms with 250+ employees are certified.
“This is concerning, considering the certification covers a level of cyber-hygiene that all businesses should already be following. While there’s often an expectation that compliance processes are onerous, if you’re already maintaining a decent standard of cyber-hygiene, achieving Cyber Essentials certification should be straightforward,” he added.
“Given the number of high-profile breaches in the news recently, Cyber Essentials presents an important opportunity to signal to customers, partners, and suppliers that cybersecurity is taken seriously. It also helps organizations lay the foundations for more proactive security measures.”
Separate data from the government makes for more concerning reading. Its Cybersecurity breaches survey 2025 revealed that awareness of Cyber Essentials stood at just 12% of businesses this year – down from 16% in 2022. Just 3% of all UK businesses and a fifth (21%) of larger firms are currently accredited, it claimed.
Gaps in Cyber Explorers Scheme
It was a similarly mixed picture for the UK government’s Cyber Explorers Scheme, an online learning course for school pupils.
The latest figures revealed registrations for the course at 119,843 for the year to March 31 2025, a third (32%) of which were girls and 36% boys.
However, there were significant variations. There were nearly 100 parliamentary constituencies with no children enrolled, while the five most deprived areas in the country (out of 10) accounted for just 32% of registrations.
Kays argued that creating clear pathways to cyber careers by nurturing interest in the subject from an early age is key to addressing significant industry skills shortages.
“Cybersecurity is an exciting and varied career that would appeal to many young people, provided it is presented as a viable option,” he added.
“There isn’t a single part of the country where this isn’t the case, so we cannot allow regional disparities.”
No tags.
