Cyber Essentials deadline for criminal law firms: what you need to know before 1 October 2025

22/08/25 Wavenet

From 1 October 2025, all criminal law firms in the UK will be required to hold Cyber Essentials certification. This new mandate is part of a broader push to strengthen cyber security within the legal sector and protect sensitive case data from the growing risk of cyber attacks.

If your firm has not yet started preparing, the time to act is now.

Why this matters

Criminal law firms handle highly sensitive information (client data, case files, court evidence, and communications) that, if compromised, could have serious legal, reputational, and even personal consequences.

In recent years, the legal sector has become a prime target for cyber criminals, with ransomware, phishing, and data theft increasing in both frequency and sophistication. The introduction of this requirement recognises that cyber resilience is no longer optional, especially for firms working within the criminal justice system.

What is Cyber Essentials?

Cyber Essentials is a government-backed certification developed by the National Cyber Security Centre (NCSC). It sets out a basic but essential set of technical controls to protect organisations from common online threats. It is available at two levels:

  • Cyber Essentials – a self-assessment covering five key technical controls.
  • Cyber Essentials Plus – an advanced certification that includes an independent technical audit.

What does your firm need to do?

1. Understand the requirements

  • Review the five technical control areas: firewalls, secure configuration, user access control, malware protection, and patch management.
  • Consider whether you need Cyber Essentials or Cyber Essentials Plus, based on the nature of your work and data.

2. Audit your current systems

  • Identify gaps in your cyber defences.
  • A pre-assessment by a certified body can help you understand what’s needed to comply.

3. Implement changes

  • Work with internal IT teams or external consultants to make the necessary changes in infrastructure, processes, and policies.

4. Get certified

  • Once you're confident your systems meet the requirements, apply for certification through a recognised Certification Body.

5. Maintain and review

  • Certification is valid for 12 months. Make sure your defences stay up to date and build cyber security into your ongoing risk management practices.

The consequences of non-compliance

  • Ineligibility for certain legal aid or government-contracted work.
  • Increased scrutiny from regulators.
  • Loss of trust from clients and partners.
  • Higher cyber insurance premiums, or denial of coverage altogether.

Benefits beyond compliance

  • Reduced risk of cyber incidents.
  • Improved client confidence.
  • Demonstrated commitment to data protection.
  • Stronger positioning for tenders and contracts.

Don’t leave it too late

Certification can take time, especially if your systems need significant updates. Starting now ensures you’re not rushing at the last minute or risking non-compliance.

Start your Cyber Essentials journey here.
