Growth
NCSC For Startups: the feedback loop
How startups can make the most of their time when pitching to cyber security experts.
NCSC for Startups: the case for collaboration
Saj Huq of Plexal explains why collaboration with the NCSC brings opportunities to the cyber security sector.
NCSC For Startups: taking on malvertising
Can your startup help counter the rise of malicious advertising?
Mastering your supply chain
A new collection of resources from the NCSC can help take your supply chain knowledge to the next level
Market incentives in the pursuit of resilient software and hardware
A new paper from the ONCD explores how metrics can influence markets to improve the cyber security ecosystem.
Making the UK the safest place to live and do business online
The NCSC’s Chief Executive Ciaran Martin outlines why the UK needs a National Cyber Security Centre.
Looking back at the ballot – securing the general election
NCSC CEO Felicity Oswald shares reflections on keeping the 2024 General Election safe.
Log4j vulnerability: what should boards be asking?
Advice for board members of medium to large organisations that are at risk from the Apache Log4j vulnerability.
Leveraging NCSC’s national insight to strengthen the fight against mobile threats
Traced Mobile Security co-founder Benedict Jones describes how ‘NCSC for Startups’ helped evolve his business.
Interactive administration in the cloud: managing the risks
Tips to help you secure and reduce interactive access to your cloud infrastructure.
Intelligent security tools: are they a smart choice for you?
What you need to know before buying artificially intelligent security products
Identifying suspicious credential usage
How NCSC guidance can help organisations detect and protect themselves from credential abuse.
How the NCSC thinks about security architecture
Richard C explains how an understanding of vulnerabilities – and their exploitation – informs how the NCSC assesses the security…
How CyberFish’s founder got hooked on Cheltenham
Berta Pappenheim, CEO and co-founder of CyberFish, explains how the NCSC For Startups programme has transformed her professional and personal…
Helping banish malicious adverts – and drive a secure advertising ecosystem
If your brand uses digital advertising, the NCSC has new guidance to help you choose a security-minded partner.
Growing positive security cultures
If your security culture isn’t improving naturally, here’s what you can do about it.
Funded cyber certification helps small charities to provide legal aid to vulnerable citizens
How the funded Cyber Essentials Programme helped the ‘Law Centres Network’ protect its IT estate – and client data –…
From the cyber proliferation threat all the way to Pall Mall
The first dedicated conference on this topic – and an insight into the NCSC assessment work behind it.
Digital twins: secure design and development
How existing NCSC guidance can assist those looking to develop and deploy ‘digital twins’.
Defending software build pipelines from malicious attack
Compromise of your software build pipeline can have wide-reaching impact; here’s how to tackle the problem.
Data-driven cyber: empowering government security with focused insights from data
How ‘small but actionable’ insights can improve behaviours and decision making.
Cyber Essentials Plus is for charities too!
Sara Ward, the CEO of Black Country Women’s Aid, discusses her organisation’s experience of gaining Cyber Essentials Plus certification.
Cyber Essentials ‘Pathways’: From experiment to proof of concept
We are encouraging large organisations to help us develop an alternative route to certification.
Cyber Assessment Framework 3.2
Latest version of the CAF reflects the increased threat to critical national infrastructure
Building Web Check using PaaS
How Platform as a Service (PaaS) can make good security easier to achieve.
Building on our history of cryptographic research
The NCSC has published new cryptographic research on robust cryptography – we explain its significance and how the ideas could…
A problem shared is . . . in the research problem book
Introducing the new NCSC research problem book and find out how you can get involved.
A different future for telecoms in the UK
NCSC Technical Director Dr Ian Levy explains the technical impact of the recent US sanctions on the security of Huawei…
A decade of Cyber Essentials: the journey towards a safer digital future
The 10-year anniversary of Cyber Essentials is not just a celebration of past achievements but a call to action for…
“Winning trust, and making powerful connections”
Chris Wallis, CEO of Intruder, explains how completing the NCSC’s Startup Programme was a turning point for his organisation.
“What’s happened to my data?”
Irrespective of whether the ransom is paid, a ransomware attack means organisations have lost control of their information.
“If you have knowledge, let others light their candles in it.”
Why sharing lessons learned from cyber security incidents and ‘near misses’ will help everyone to improve
Summary of the NCSC analysis of May 2020 US sanction
A summary of the NCSC’s analysis of the May 2020 US sanction which caused the NCSC to modify the scope…
Summary of NCSC’s security analysis for the UK telecoms sector
A summary of the NCSC’s security analysis for the UK telecoms sector
Technical report: Responsible use of the Border Gateway Protocol (BGP) for ISP interworking
Technical report on best practice use of this fundamental data routing protocol.
Decrypting diversity: Diversity and inclusion in cyber security report 2020
Joint report between the NCSC and KPMG UK is the first in a series to benchmark and track levels of…
Decrypting diversity: Diversity and inclusion in cyber security report 2021
The 2nd joint report between the NCSC and KPMG UK benchmarks against the 2020 findings to gauge what progress has…
Cyber Threat Report: UK Legal Sector
An updated report from the NCSC explaining how UK law firms – of all sizes – can protect themselves from…
Active Cyber Defence (ACD) – the fourth year
The year four report covers 2020 and aims to highlight the achievements and efforts made by the Active Cyber Defence…
ACD – The Fifth Year
Key findings from the 5th year of the Active Cyber Defence (ACD) programme.
A method to assess ‘forgivable’ vs ‘unforgivable’ vulnerabilities
Research from the NCSC designed to eradicate vulnerability classes and make the top-level mitigations easier to implement.
Zero trust: building a mixed estate
Two ways organisations can enable access and maintain the security benefits of zero trust even when parts of the infrastructure…
What is an antivirus product? Do I need one?
Detect and prevent malicious software and viruses on your computer or laptop.
Ransomware: ‘WannaCry’ guidance for home users and small businesses
Guidance for home users or small businesses who want to reduce the likelihood of being held to ransom by WannaCry…
Vulnerability scanning tools and services
Advice on the choice, implementation and use of automated vulnerability scanning tools for organisations of all sizes.
The UK’s response to global tariffs on steel and aluminium
**Title: The UK’s Strategic Response to Global Tariffs on Steel and Aluminium** On Wednesday, 12 March, the announcement of new…
Video conferencing services: using them securely
How to set up and use video conferencing services, such as Zoom and Skype, safely and securely
Video conferencing services: security guidance for organisations
Guidance to help you to choose, configure and deploy video conferencing services such as Zoom and Skype within your organisation
Using IPsec to protect data
Guidance for organisations wishing to deploy products that use IPsec.
Using TLS to protect data
Recommended profiles to securely configure TLS for the most common versions and scenarios, with additional guidance for managing older versions.
Transaction Monitoring for online services
This guidance is aimed at service owners and security specialists involved in the provision of online services.
Smart devices: using them safely in your home
Many everyday items are now connected to the internet: we explain how to use them safely.
Shopping and paying safely online
Tips to help you purchase items safely and avoid fraudulent websites.
Shadow IT
Managing ‘unknown assets’ that are used within an organisation.
Responding to a cyber incident – a guide for CEOs
Guidance to help CEOs in public and private sector organisations manage a cyber incident.
Reducing data exfiltration by malicious insiders
Advice and recommendations for mitigating this type of insider behaviour.
Recovering a hacked account
A step by step guide to recovering online accounts.
Network security fundamentals
How to design, use, and maintain secure networks.
NCSC advice: Malicious software used to illegally mine cryptocurrency
Guidance for members of the public, website administrators and JavaScript developers in relation to the recently publicised cryptocurrency mining compromises…
NCSC advice for Dixons Carphone plc customers
Advice for Dixons Carphone customers following its data breach.
Managing the risk of cloud-enabled products
Guidance outlining the risks of locally installed products interacting with cloud services, and suggestions to help organisations manage this risk.
Managing Public Domain Names
Good practises for the management of public domain names owned by your organisation.
Maintaining a sustainable strengthened cyber security posture
How organisations can avoid staff burnout during an extended period of heightened cyber threat.
Home working: preparing your organisation and staff
How to make sure your organisation is prepared for home working.
Guidance on digital forensics and protective monitoring specifications for producers of network devices and appliances
Outlining the expectations for the minimum requirement for forensic visibility, to help network defenders secure organisational networks both before and…
Guidance for organisations considering payment in ransomware incidents
Advice for organisations experiencing a ransomware attack and the partner organisations supporting them.
Cyber security for major events
Assessing the cyber security needs of major events.
Cyber security for high profile conferences
Managing the cyber security of high profile events in the real and virtual worlds.
Cyber security for farmers
Guidance to help farmers improve the security and resilience of their business against cyber threats.
Business communications – SMS and telephone best practice
How to ensure your organisation’s SMS and telephone messages are effective and trustworthy.
Engaging with Boards to improve the management of cyber security risk
How to communicate more effectively with board members to improve cyber security decision making.
Authentication methods: choosing the right type
Recommended authentication models for organisations looking to move ‘beyond passwords’.
Actions to take when the cyber threat is heightened
When organisations might face a greater threat, and the steps to take to improve security.
Acquiring, managing, and disposing of network devices
Advice for organisations on the acquisition, management and disposal of network devices.
‘Smart’ security cameras: Using them safely in your home
How to protect ‘smart’ security cameras and baby monitors from cyber attack.
Transparency data: DBT: workforce management information January 2025
**Understanding Departmental Workforce Management: January 2025 Transparency Data** In an evolving landscape of workforce management, transparency has emerged as a…
Notice: Notice to exporters 2025/06: upcoming updates to the UK strategic export control list
**Notice to Exporters 2025/06: Upcoming Updates to the UK Strategic Export Control List** In a continually evolving global landscape, it…
Guidance: Security & Policing 2025: countries, territories and organisations invited by UKDSE on behalf of the Home Office to attend
**Title: Enhancing Global Cooperation at Security & Policing 2025** As the world continues to evolve, so too do the challenges…
Guidance: Privacy notice for the ‘Get help with your export query’ service
**Understanding the Privacy Notice for the ‘Get Help with Your Export Query’ Service** In today’s global marketplace, the ability to…
A method to assess ‘forgivable’ vs ‘unforgivable’ vulnerabilities
Research from the NCSC designed to eradicate vulnerability classes and make the top-level mitigations easier to implement.
CyberFirst industries support CyberTV for students
Cyber security-themed videos, blogs and interviews from industry experts are supporting students and teachers.
Not all types of MFA are created equal…
Our updated multi-factor authentication (MFA) guidance recommends organisations use techniques that give better protection against phishing attacks.
Major new funding for music acts that supercharged careers of BRIT award winners
**Title: Major New Funding Set to Supercharge Careers of British Music Acts** In an exciting development for the UK music…
Joint Statement: Business Secretary and Fujitsu Services Ltd
**Joint Statement on Horizon Redress by Business Secretary Jonathan Reynolds and Paul Patterson, Director of Fujitsu Services Ltd** In a…
Brewing beer: rules and regulations for commercial brewing
**Brewing Beer: Navigating the Rules and Regulations for Commercial Brewing** The art of brewing beer has captured the hearts and…
Japan-UK Economic 2+2
**Title: Strengthening Ties: The Japan-UK Economic 2+2 Ministers’ Meeting** The recent Economic 2+2 Ministers’ Meeting between the United Kingdom and…
Transparency data: UK-Japan strategic economic policy and trade dialogue – joint statement, 7 March 2025
**Enhancing Bilateral Ties: A Focus on the UK-Japan Strategic Economic Policy and Trade Dialogue** On 7 March 2025, representatives from…
Transparency data: UK-Japan offshore wind memorandum of co-operation (MoC)
**Title: Strengthening Ties: The UK-Japan Offshore Wind Memorandum of Co-operation** In an era where renewable energy sources are at the…
Vacant shops to be filled as high streets revitalised
### Revitalising High Streets: Transforming Vacant Shops into Community Assets In recent years, high streets across the UK have faced…
Making Work Pay: collective redundancy and fire and rehire
### Making Work Pay: Collective Redundancy and Fire and Rehire In recent years, the terms “collective redundancy” and “fire and…
Guidance: Better Regulation Framework
### Navigating the 2023 Better Regulation Framework: A Guide for Government Officials In an ever-evolving landscape of governance, the need…
New UK–Japan Economic Partnership to propel growth
**New UK–Japan Economic Partnership to Propel Growth** In a significant stride towards enhancing international economic relations, the UK and Japan…
Authentication methods: choosing the right type
Recommended authentication models for organisations looking to move ‘beyond passwords’.
Vulnerability Scanning: Keeping on top of the most common threats
Vulnerability Scanning solutions offer a cost-effective way to discover and manage common security issues.
Identifying suspicious credential usage
How NCSC guidance can help organisations detect and protect themselves from credential abuse.
ACD 2.0: Insights from the external attack surface management trials
We publish the results of our ACD 2.0 external attack surface management (EASM) trials
Statutory guidance: The Companies (Directors’ Remuneration and Audit) (Amendment) Regulations 2025
**Title: Understanding the Implications of the Companies (Directors’ Remuneration and Audit) (Amendment) Regulations 2025** The landscape of corporate governance in…
Making Principles Based Assurance a reality
An update on the work to make Principles Based Assurance (PBA) usable in practice.
There’s a hole in my bucket
…or ‘Why do people leave sensitive data in unprotected AWS S3 buckets?’
Equities process
Publication of the UK’s process for how we handle vulnerabilities.
Our Collaborations With 
