The Danzell Update Has Arrived and the Bar Has Been Raised Table of Contents Toggle The Danzell Update Has Arrived and the Bar Has Been RaisedWhat Has Changed in Cyber Essentials 2026?1. Multi-Factor Authentication (MFA) Is Now Mandatory Across the Board2. Critical Operating System Patches Must Be Applied Within 14 Days3. The Same 14-Day Rule Now Applies to Applications and FirmwareWhy These Changes MatterThe Upside: Certification Now Includes Cyber InsuranceWhat UK Businesses Should Do Right NowHow Speedster IT Can Help The Cyber Essentials scheme has been officially updated, and the new “Danzell” requirements are now live across the UK. For businesses of all sizes, this marks a significant shift in what constitutes baseline cybersecurity. If your businesses is not compliant with changes you risk losing insurance cover. The message is unambiguous: minimum standards have risen, and the consequences of falling short are more serious than ever. What Has Changed in Cyber Essentials 2026? The 2026 update introduces three critical controls that now function as automatic failure points during assessment. There is no partial credit — you either meet them or you do not. 1. Multi-Factor Authentication (MFA) Is Now Mandatory Across the Board MFA must be enabled on every cloud service that supports it. Selective adoption is no longer acceptable. If even one qualifying platform lacks MFA, your assessment fails. 2. Critical Operating System Patches Must Be Applied Within 14 Days Businesses are required to apply critical security updates to operating systems within a strict 14-day window. Miss the deadline, and you risk an automatic failure, regardless of how well everything else is configured. 3. The Same 14-Day Rule Now Applies to Applications and Firmware The patching requirement extends beyond operating systems to cover: Business applications Firmware across routers, firewalls, and other network devices This closes a long-standing loophole that allowed vulnerabilities to go unaddressed for weeks or even months. Why These Changes Matter Cyber threats are evolving at pace, and attackers routinely exploit delayed patching and weak authentication. The Danzell update reflects that reality head-on. These changes are designed to: Reduce exposure to ransomware, phishing, and data breaches. Enforce consistent, proactive security hygiene across organisations of all sizes. Bring SMEs in line with modern cyber defence expectations. Put simply: Cyber Essentials is no longer a box-ticking exercise. It is an active, enforceable security framework, and it will be treated as such. The Upside: Certification Now Includes Cyber Insurance There is genuine good news alongside the tougher requirements. Certification now includes up to £25,000 of cyber liability insurance, offering: Financial protection in the event of an incident Demonstrable credibility with clients and partners Tangible reassurance for smaller organisations operating with limited IT resource. For many businesses, that alone makes the effort worthwhile. What UK Businesses Should Do Right Now Whether you are pursuing certification for the first time or renewing an existing one, the following steps should be your immediate priority. Audit your MFA coverage Check every cloud platform your organisation uses, Microsoft 365, Google Workspace, and any line-of-business applications. MFA must be fully enforced, not just enabled in principle. Review your patch management process Can you genuinely guarantee that critical updates are applied within 14 days? If there is any doubt, your processes need tightening before your next assessment. Check your network hardware and firmware Routers, firewalls, and managed devices are frequently overlooked, and under the new requirements, they are a direct compliance risk if left unpatched. Work with a certified IT provider Preparing for Cyber Essentials without specialist support can be time-consuming and easy to get wrong. A certified provider can identify gaps, resolve issues quickly, and give you the best chance of passing first time. How Speedster IT Can Help The Danzell update represents a meaningful step forward for UK cybersecurity standards, and rightly so. The threat landscape has changed, and the scheme needed to change with it. For businesses, the message is straightforward: act now, or risk failing compliance when it matters most. If you have not yet assessed your readiness against the new requirements, there is no better time to start than today. Call us on 02045119111 LouiseWith over 15 years at Speedster IT, I’ve built a career around helping businesses navigate the evolving world of technology. I publish all the content for the IT Support London Blog and Cyber Security Blog, where I share practical insights on infrastructure upgrades, cybersecurity trends, and smart IT strategies for growing companies.