top of page

IT & Business News Roundup: 29 April 2026. Cyber Essentials v3.3 Lands, NCSC Sounds the Alarm, and Copilot Gets Smarter

  • Millie Pendell
  • Apr 29
  • 4 min read

Updated: 6 days ago

It's been one of the busiest weeks in the UK IT calendar for a long time. Cyber Essentials has had its biggest shake-up in three years, the NCSC has put out a fresh warning, and Microsoft has tipped a wheelbarrow of new Copilot features into the world. If you run a business in Cheltenham, Gloucester, the Cotswolds or anywhere else in the UK, here's the plain-English rundown of what matters this week, and what to do about it.


1. Cyber Essentials v3.3 'Danzell' went live on Monday, and it has teeth

Two days ago, on 27 April 2026, the NCSC and IASME retired the old 'Willow' question set and switched the Cyber Essentials scheme over to the new 'Danzell' v3.3 requirements. This is the biggest tightening of the scheme in three years, and for the first time it includes auto-fail rules. Miss them and your assessment is straight in the bin.

The headline changes for SMEs:

  • MFA is now mandatory on every cloud service that supports it. If Microsoft 365, Xero, Sage, your CRM or any other SaaS app offers MFA and you haven't switched it on, the assessor fails you on the spot.

  • Critical and high-risk patches must be deployed within 14 days of release. Run an unpatched server or a stale laptop past the 14-day mark and that's another auto-fail.

  • Cloud services can no longer be excluded from scope. Microsoft 365, Google Workspace, Dropbox, your accounting platform, they're all in scope, full stop.

  • Passwordless and FIDO2 methods are now formally recognised, with more emphasis on getting away from passwords altogether.

If you certified before 27 April you can still complete that assessment under the old Willow ruleset until 27 October 2026, but anything new starts on Danzell. If you supply the public sector, the MoD, the NHS or any larger customer that requires Cyber Essentials in their contracts, this is now a board-level priority, not an IT chore.


2. NCSC's 22 April warning: state-backed attacks are ramping up

A week before Danzell landed, the UK's National Cyber Security Centre issued a fresh warning that state-aligned attacks are getting more frequent, more patient and more targeted. The interesting bit for SMEs: 31% of state-backed activity now uses AI-enhanced phishing and business email compromise, exactly the kind of attack that lands in your team's Outlook inbox on a Tuesday morning.

Most UK SMEs aren't being 'hacked' in the Hollywood sense. They're being convinced. A well-crafted, AI-written email asking finance to 'just update the supplier bank details' is now the quickest route into Microsoft 365, payroll and your customer data. The defence is people, process and MFA in that order.


3. Microsoft 365 Copilot: Wave 1 brings real agents

Microsoft's 2026 Release Wave 1 has started rolling out across April, with more landing through to September. The big shift: Copilot is moving from a clever drafting tool to something closer to an actual agent that can do multi-step work for you.

  • Sales Agent: a role-based Copilot inside Outlook, Teams and mobile that pulls in CRM context and helps reps work pipeline without flipping windows.

  • AI in SharePoint (formerly Knowledge Agent): build sites, libraries and pages by describing what you want in plain English. A genuine win for non-technical teams.

  • Copilot Notebooks refresh: references, Pages content and chats now sit side by side, which finally makes them useful for project work.

  • Admin and governance: new toggles for AI video generation, adoption dashboards, Purview integration, readiness reporting and expanded model choices including Claude Sonnet alongside the OpenAI models.

If you're already on a Microsoft 365 Business Premium or Copilot licence, a lot of this is included, you just need someone to switch it on, set the guardrails and train the team. The Microsoft 365 Copilot Business bundle for under-300-user organisations is also live, which puts it within reach of most Gloucestershire SMEs.


4. Ransomware: smaller, sharper, and aimed at SMEs

The latest UK ransomware figures are unflattering for small firms. Overall ransomware volume is down, but the number of UK organisations successfully compromised rose 20% year-on-year. Ransomware was present in 88% of SMB breaches versus only 39% of large-enterprise breaches. Translation: the attackers are spending less time on spray-and-pray, and more time on patient, targeted 'big game hunting' and SMEs are very much on the menu.

We saw another reminder this week with the late-April attack on UK firm RT Software, attributed to the Tridentlocker group. Real businesses, real downtime, real bills.


5. Why more UK SMEs are switching to a managed IT provider

The UK managed IT services market is forecast to push past £15 billion this year, and the reason is simple: the bar keeps going up. Cyber Essentials v3.3, AI security threats, agentic Copilot, cloud sovereignty and FinOps. Keeping on top of all that with one in-house IT person (or no IT person) is no longer realistic for most SMEs. Outsourcing it to an MSP is now the default, not the exception.

Sensible UK pricing for fully managed support sits in the £40–£150 per user per month range, depending on whether you want just helpdesk and monitoring or the full security and Copilot package on top.


What Wavetree recommends doing this week

  1. Audit MFA on every cloud service you use, not just Microsoft 365. If it offers MFA and it isn't on, switch it on this week.

  2. Confirm your patching cadence is hitting the new 14-day window for critical updates including servers, laptops you rarely see, and any kit working from home.

  3. Run a 30-minute team refresher on phishing and 'change of bank details' emails. AI-written scams are now indistinguishable from a normal supplier email.

  4. Test your backups. Don't just check they ran, but restore something. Ransomware recovery only works if your backups actually work.

  5. If you have Microsoft 365 Business Premium, ask whether Copilot is licensed and switched on - and if so, who in the team is being trained to use it properly.


If any of the above lands awkwardly particularly the Cyber Essentials Danzell auto-fails or the Copilot rollout, that's exactly what we do day in, day out for SMEs across Cheltenham, Gloucester and the wider South West. Drop us a line at wavetree.co.uk and we'll get you straight. Same again next Wednesday.

Recent Posts

See All

Comments

bottom of page