ThreatAware has warned organisations to close cybersecurity visibility gaps ahead of changes to the UK’s Cyber Essentials scheme. The updated version introduces stricter checks for certification.

The revised standard adds two automatic failure conditions and raises the bar for proving that key controls are in place across full IT environments. The five technical controls at the heart of Cyber Essentials remain unchanged, but the assessment process will place greater weight on whether those controls are consistently enforced in practice.

Under the changes, any cloud service that supports multi-factor authentication must have it enabled. A single account without MFA would trigger an automatic failure.

Another change shortens the window for fixing critical and high-risk vulnerabilities. Organisations will need to remediate those issues within 14 days across endpoints, applications and network infrastructure.

Scrutiny during assessments is also set to increase. If sample testing identifies failures, organisations will need to fix the same issues across the whole environment before they can be reassessed.

Stricter checks

IASME has published the update, which is backed by the National Cyber Security Centre. For many UK organisations, Cyber Essentials certification remains a basic requirement for working with government departments and parts of the wider supply chain, and it is often linked to cyber insurance conditions.

That makes the practical effect of the revised rules significant for companies that rely on certification to win or retain contracts. The changes shift the focus from written policy to proof that controls are active across all users, devices and systems.

Common weak points include misconfigured conditional access policies, unmanaged or guest accounts, devices outside patching windows, and unsanctioned software-as-a-service use. Under the updated framework, any one of those gaps could be enough to prevent certification.

Jon Tamplin, Head of Cybersecurity at ThreatAware, said: “These updates reinforce a fundamental cornerstone of cybersecurity: when organisations get the basics right, they prevent the vast majority of attacks. And it starts with one essential principle – visibility.

“Visibility isn’t a nice-to-have; it’s the foundation of effective security. Think about this from the attacker’s perspective: they’re looking for the easiest path. A high-risk account where MFA isn’t enforced can quickly lead to a compromised device.”

Proof required

The emphasis on evidence reflects a broader trend in cyber compliance, with auditors and certification bodies increasingly wanting to see operational controls rather than policy statements. In practice, that means security teams must be able to account for every relevant device and user account, including those outside standard management processes.

For larger organisations, that can be difficult when estates include a mix of on-premises systems, cloud applications, third-party tools and temporary accounts. Guest users, shadow IT and assets outside central management often create the blind spots that compliance frameworks are now trying to eliminate.

Tamplin said: “If security leaders can’t identify where these gaps are, they’re effectively working with one hand tied behind their back. Teams are doing their best, but it only takes one device without the right security controls to expose an entire network.

“If you can’t see every device and every account, you can’t prove the controls are working. Under v3.3, proof is exactly what’s required, and it only takes one device outside the patch window or one account without MFA enforced to fail an assessment.

“The message behind the Cyber Essentials updates is simple: get the fundamentals right. Those fundamentals haven’t changed, but expectations have. Organisations should not only have core controls in place, from patching to EDR and MFA, but also be able to prove they are applying them across every account and every device, all the time, to meet the ‘Five Controls’.”

The revised requirements apply immediately to new certification accounts created under the updated scheme, while organisations with existing accounts have a six-month transition period to certify under the previous standard. That phased approach gives some businesses extra time, but it also creates a near-term decision for organisations that need certification for procurement, supplier assurance or insurance purposes.

ThreatAware, founded in 2018, works with more than 100 organisations across the UK, US and Canada.

BT has launched a sovereign services portfolio for UK public and private sector organisations, which it says is the first in the country to combine connectivity, voice, cloud and AI in a single sovereign offering.

The launch coincides with research from Assembly Research estimating that wider use of digital sovereignty could unlock £18 billion in productivity gains for the UK economy by giving organisations more confidence to adopt AI.

The portfolio is designed for organisations that need to keep sensitive and regulated workloads in the UK. It includes sovereign connectivity and voice services, a new Sovereign Cloud platform, and sovereign AI services built with Nscale and NVIDIA.

Assembly Research found that concerns over data security and control are slowing AI adoption across British organisations. It also pointed to a broader economic opportunity from domestic digital infrastructure, estimating that faster investment in UK data centres could generate £14.6 billion by 2030, while sovereign cloud services could be worth a further £13.6 billion over the next five years.

Cloud offer

The new Sovereign Cloud service is a private cloud platform hosted and operated entirely within the UK. It is aimed at organisations handling sensitive or regulated workloads and includes compute, storage and backup services.

The platform uses Rackspace Technology data centre infrastructure in the UK, supported by UK-based security-cleared teams providing managed services for migration, operations and compliance.

Alongside the cloud service, BT is developing sovereign AI services with Nscale and NVIDIA. These are intended to let customers run AI workloads in the UK, expand computing capacity when needed, and meet data residency, security and regulatory requirements.

BT said the AI offer is intended for uses including operational automation, advanced analytics and AI-assisted customer service. It presented the wider portfolio as a way for organisations to modernise critical services while retaining greater operational control.

Economic case

Assembly Research also modelled potential savings from risk reduction and compliance. It estimated that greater control over data and digital systems could cut losses linked to cyber incidents by about £632 million a year.

The study found that wider adoption of domestically controlled systems could also make it easier for organisations to comply with UK data protection rules and sector regulation, helping businesses avoid as much as £1 billion in GDPR-related fines.

Digital sovereignty has risen up the policy agenda in the UK and across Europe as governments and businesses examine their dependence on overseas digital platforms and infrastructure. BT’s launch reflects growing demand from public bodies and private companies for clearer controls over where data is held, who manages systems, and how services are governed.

BT Business Chief Executive Officer Jon James said customers wanted to adopt AI and cloud services quickly while maintaining control over their data. “Organisations, public and private, want to move fast with AI and cloud while keeping control over the sovereignty of their data. That’s why BT is the first UK provider to offer a complete sovereign portfolio – from secure connectivity and voice to sovereign cloud and AI – all delivered in one place. Only BT has the scale and infrastructure to help customers modernise critical services with confidence, delivering real benefits for organisations and for the UK as a whole,” James said.

Assembly Research Founder and Chief Executive Matthew Howett said the policy backdrop had become more urgent. “Our research shows that digital sovereignty has become a political focus across Europe and in the UK, as concerns about an over-reliance on non-sovereign digital platforms have intensified. The clear prize on offer should encourage the Government to take further steps to realise the opportunities of a wider adoption of digital sovereignty. As well as the potential economic benefits, the wider adoption of digital sovereignty promises enhanced resilience by giving organisations more control over services,” Howett said.

Uswitch has warned London Marathon runners and spectators to expect mobile signal disruption at key points along the route, particularly in crowded areas such as Tower Bridge, Canary Wharf and The Mall.

When large numbers of people try to get online at once, pressure on local mobile infrastructure can lead to delayed live-tracking updates, patchy calls and slow data speeds. The issue is more likely to be network capacity than a lack of coverage.

More than 59,000 runners are expected at the start line, with large spectator crowds gathering across central and east London. Areas expected to be especially busy include Tower Bridge, Canary Wharf, Embankment, Westminster and the finish area on The Mall.

Archie Burkinshaw, Mobiles Expert at Uswitch, said the problem often arises even when phones appear to have a strong connection. “On marathon day, some of London’s busiest spots can put mobile networks under pressure as thousands of runners and spectators try to get online at once.”

“It’s often not a coverage problem but a capacity issue, as local masts can become overloaded by the number of devices trying to connect at the same time. This can create digital gridlock, leading to slower data, delayed live-tracking updates, patchy calls, and difficulty uploading photos or messages.”

“In some cases, people may still see full signal bars, but performance can lag because the network is congested.

“If you’re worried about losing connection, one option is to have a backup eSIM ready on another network. Most newer phones let you keep your usual number active while using the second network for data, although busy areas can affect multiple networks.

“A few quick checks before you leave can make all the difference: download maps, save tickets or travel information, agree on a meeting point, and pack a portable charger.”

Practical steps

Suggested measures include downloading offline maps and transport information before travelling, taking screenshots of QR codes and tracking links, and agreeing meeting points away from the finish line. The advice also includes carrying a portable charger and using low-power settings to reduce battery drain.

In especially crowded areas, switching from 5G to 4G may help, as 4G can sometimes provide a more stable connection when networks are under strain. Users are also advised to send SMS or other low-data messages rather than trying to upload video from the busiest sections of the course.

Another option is to install a secondary eSIM on a different network before race day. Some one-month eSIM plans are available from £2.50 for 100GB, according to the guidance, although service problems can still affect more than one operator in the same location.

Route pressure

The warning reflects the dense spectator crowds that build at marathon viewing hotspots, where sudden demand can put nearby mobile masts under strain. Moving 100 to 200 metres away from the busiest part of a crowd may improve service.

Runners are advised to prepare for periods of limited connectivity by downloading playlists and maps in advance and avoiding live uploads during the race. Participants using GPS sports watches may also want to put their phones into aeroplane mode to preserve battery life until the finish.

Guest Wi-Fi in pubs, cafés and restaurants along the route may provide an alternative if mobile data becomes unreliable. Users can also try manually selecting a network before returning to automatic settings if their phones remain attached to a weak connection.

The London Marathon is one of the UK’s largest mass-participation sporting events and draws substantial crowds across multiple boroughs, making it a recurring test for mobile networks in the capital. With tens of thousands of runners and spectators relying on live updates, messages and navigation throughout the day, the key advice is to prepare for congestion before leaving home.