UK launches Cyber Essentials push for SMEs in 2026

You wouldn’t leave your shop door ajar at closing time; the same principle applies online. Today, 17 February 2026, the UK government launched a campaign to help small and medium-sized businesses put simple cyber protections in place, pointing you to its Cyber Essentials standard and meeting you where you already are on social media, radio, podcasts and business networks. (gov.uk)

Cyber Essentials is a government-backed checklist developed with the National Cyber Security Centre. It focuses on five practical protections: using a firewall, setting secure configurations, keeping software updated, controlling user access and running malware protection. These basics close off the easy routes many attackers rely on. (gov.uk)

Why the push now? Independent research for the Department for Science, Innovation and Technology, published on 12 November 2025, estimates that a significant cyber incident costs a UK business nearly £195,000 on average. Scaled across the economy, that’s about £14.7 billion a year-money not spent on wages, kit or growth. (gov.uk)

Prevalence matters too. The government says around half of small firms reported a breach or attack in the past year, drawing on the Cyber Security Breaches Survey 2025; among medium and large organisations, 82% experienced some form of incident in the latest Longitudinal Survey released today. Taken together, it’s a reminder that size is no shield. (gov.uk)

Here’s what those five protections look like in day-to-day terms. A firewall is your gatekeeper for network traffic. Secure configuration means switching off default settings you don’t need. Software updates are your routine patching. User access control is about giving people only the permissions their role requires, ideally with multi-factor authentication for admin accounts. Malware protection is current, reputable threat scanning. (gov.uk)

The campaign highlights no-cost ways to get moving fast. There’s a Readiness Tool to help you spot gaps, a free 30‑minute consultation with an NCSC‑assured adviser if you’re preparing for certification, and a free preview of the Cyber Essentials Question Set and the Requirements for IT Infrastructure so you know exactly what’s expected before you start. (gov.uk)

Money matters as well as security. Certification can help when bidding for public contracts. Eligible smaller organisations that certify their whole organisation can receive free cyber insurance with a 24/7 incident helpline-typically up to £25,000 of cover. Government figures also show 92% fewer insurance claims among organisations with Cyber Essentials in place last year. (iasme.co.uk)

If you teach or train a team, you can turn this into a short, useful session. Pair each control with a behaviour your learners can practise this week: strong passwords and multi‑factor authentication under access control; uninstalling unused apps and changing default settings under secure configuration; scheduling automatic updates under software updates; checking and updating your anti‑malware for malware protection; and reviewing router or cloud firewall settings for network filtering.

Policy is shifting too. The Cyber Security and Resilience Bill, introduced for first reading on 12 November 2025, proposes updates to the UK’s NIS framework so essential and digital services-and their key suppliers-raise baseline defences. The goal is to reduce disruption and keep electricity, water, healthcare and data centres running. (gov.uk)

Our take-away for this week is simple. Invest an hour in the basics: update devices, reduce the number of admin accounts, switch on multi‑factor authentication where available, and run the Readiness Tool to see what’s left to do. Then set a date to complete the Question Set and close any gaps. We’re not aiming for perfection; we’re making your organisation a harder target. (iasme.co.uk)