Growth
Technical report: Responsible use of the Border Gateway Protocol (BGP) for ISP interworking
Technical report on best practice use of this fundamental data routing protocol.
Decrypting diversity: Diversity and inclusion in cyber security report 2020
Joint report between the NCSC and KPMG UK is the first in a series to benchmark and track levels of…
Decrypting diversity: Diversity and inclusion in cyber security report 2021
The 2nd joint report between the NCSC and KPMG UK benchmarks against the 2020 findings to gauge what progress has…
Cyber Threat Report: UK Legal Sector
An updated report from the NCSC explaining how UK law firms – of all sizes – can protect themselves from…
Active Cyber Defence (ACD) – the fourth year
The year four report covers 2020 and aims to highlight the achievements and efforts made by the Active Cyber Defence…
ACD – The Fifth Year
Key findings from the 5th year of the Active Cyber Defence (ACD) programme.
A method to assess ‘forgivable’ vs ‘unforgivable’ vulnerabilities
Research from the NCSC designed to eradicate vulnerability classes and make the top-level mitigations easier to implement.
Zero trust: building a mixed estate
Two ways organisations can enable access and maintain the security benefits of zero trust even when parts of the infrastructure…
What is an antivirus product? Do I need one?
Detect and prevent malicious software and viruses on your computer or laptop.
Ransomware: ‘WannaCry’ guidance for home users and small businesses
Guidance for home users or small businesses who want to reduce the likelihood of being held to ransom by WannaCry…
Vulnerability scanning tools and services
Advice on the choice, implementation and use of automated vulnerability scanning tools for organisations of all sizes.
The UK’s response to global tariffs on steel and aluminium
**Title: The UK’s Strategic Response to Global Tariffs on Steel and Aluminium** On Wednesday, 12 March, the announcement of new…
Video conferencing services: using them securely
How to set up and use video conferencing services, such as Zoom and Skype, safely and securely
Video conferencing services: security guidance for organisations
Guidance to help you to choose, configure and deploy video conferencing services such as Zoom and Skype within your organisation
Using IPsec to protect data
Guidance for organisations wishing to deploy products that use IPsec.
Using TLS to protect data
Recommended profiles to securely configure TLS for the most common versions and scenarios, with additional guidance for managing older versions.
Transaction Monitoring for online services
This guidance is aimed at service owners and security specialists involved in the provision of online services.
Smart devices: using them safely in your home
Many everyday items are now connected to the internet: we explain how to use them safely.
Shopping and paying safely online
Tips to help you purchase items safely and avoid fraudulent websites.
Shadow IT
Managing ‘unknown assets’ that are used within an organisation.
Responding to a cyber incident – a guide for CEOs
Guidance to help CEOs in public and private sector organisations manage a cyber incident.
Reducing data exfiltration by malicious insiders
Advice and recommendations for mitigating this type of insider behaviour.
Recovering a hacked account
A step by step guide to recovering online accounts.
Network security fundamentals
How to design, use, and maintain secure networks.
NCSC advice: Malicious software used to illegally mine cryptocurrency
Guidance for members of the public, website administrators and JavaScript developers in relation to the recently publicised cryptocurrency mining compromises…
NCSC advice for Dixons Carphone plc customers
Advice for Dixons Carphone customers following its data breach.
Managing the risk of cloud-enabled products
Guidance outlining the risks of locally installed products interacting with cloud services, and suggestions to help organisations manage this risk.
Managing Public Domain Names
Good practises for the management of public domain names owned by your organisation.
Maintaining a sustainable strengthened cyber security posture
How organisations can avoid staff burnout during an extended period of heightened cyber threat.
Home working: preparing your organisation and staff
How to make sure your organisation is prepared for home working.
Guidance on digital forensics and protective monitoring specifications for producers of network devices and appliances
Outlining the expectations for the minimum requirement for forensic visibility, to help network defenders secure organisational networks both before and…
Guidance for organisations considering payment in ransomware incidents
Advice for organisations experiencing a ransomware attack and the partner organisations supporting them.
Cyber security for major events
Assessing the cyber security needs of major events.
Cyber security for high profile conferences
Managing the cyber security of high profile events in the real and virtual worlds.
Cyber security for farmers
Guidance to help farmers improve the security and resilience of their business against cyber threats.
Business communications – SMS and telephone best practice
How to ensure your organisation’s SMS and telephone messages are effective and trustworthy.
Engaging with Boards to improve the management of cyber security risk
How to communicate more effectively with board members to improve cyber security decision making.
Authentication methods: choosing the right type
Recommended authentication models for organisations looking to move ‘beyond passwords’.
Actions to take when the cyber threat is heightened
When organisations might face a greater threat, and the steps to take to improve security.
Acquiring, managing, and disposing of network devices
Advice for organisations on the acquisition, management and disposal of network devices.
‘Smart’ security cameras: Using them safely in your home
How to protect ‘smart’ security cameras and baby monitors from cyber attack.
Transparency data: DBT: workforce management information January 2025
**Understanding Departmental Workforce Management: January 2025 Transparency Data** In an evolving landscape of workforce management, transparency has emerged as a…
Notice: Notice to exporters 2025/06: upcoming updates to the UK strategic export control list
**Notice to Exporters 2025/06: Upcoming Updates to the UK Strategic Export Control List** In a continually evolving global landscape, it…
Guidance: Security & Policing 2025: countries, territories and organisations invited by UKDSE on behalf of the Home Office to attend
**Title: Enhancing Global Cooperation at Security & Policing 2025** As the world continues to evolve, so too do the challenges…
Guidance: Privacy notice for the ‘Get help with your export query’ service
**Understanding the Privacy Notice for the ‘Get Help with Your Export Query’ Service** In today’s global marketplace, the ability to…
A method to assess ‘forgivable’ vs ‘unforgivable’ vulnerabilities
Research from the NCSC designed to eradicate vulnerability classes and make the top-level mitigations easier to implement.
CyberFirst industries support CyberTV for students
Cyber security-themed videos, blogs and interviews from industry experts are supporting students and teachers.
Not all types of MFA are created equal…
Our updated multi-factor authentication (MFA) guidance recommends organisations use techniques that give better protection against phishing attacks.
Major new funding for music acts that supercharged careers of BRIT award winners
**Title: Major New Funding Set to Supercharge Careers of British Music Acts** In an exciting development for the UK music…
Joint Statement: Business Secretary and Fujitsu Services Ltd
**Joint Statement on Horizon Redress by Business Secretary Jonathan Reynolds and Paul Patterson, Director of Fujitsu Services Ltd** In a…
Brewing beer: rules and regulations for commercial brewing
**Brewing Beer: Navigating the Rules and Regulations for Commercial Brewing** The art of brewing beer has captured the hearts and…
Japan-UK Economic 2+2
**Title: Strengthening Ties: The Japan-UK Economic 2+2 Ministers’ Meeting** The recent Economic 2+2 Ministers’ Meeting between the United Kingdom and…
Transparency data: UK-Japan strategic economic policy and trade dialogue – joint statement, 7 March 2025
**Enhancing Bilateral Ties: A Focus on the UK-Japan Strategic Economic Policy and Trade Dialogue** On 7 March 2025, representatives from…
Transparency data: UK-Japan offshore wind memorandum of co-operation (MoC)
**Title: Strengthening Ties: The UK-Japan Offshore Wind Memorandum of Co-operation** In an era where renewable energy sources are at the…
Vacant shops to be filled as high streets revitalised
### Revitalising High Streets: Transforming Vacant Shops into Community Assets In recent years, high streets across the UK have faced…
Making Work Pay: collective redundancy and fire and rehire
### Making Work Pay: Collective Redundancy and Fire and Rehire In recent years, the terms “collective redundancy” and “fire and…
Guidance: Better Regulation Framework
### Navigating the 2023 Better Regulation Framework: A Guide for Government Officials In an ever-evolving landscape of governance, the need…
New UK–Japan Economic Partnership to propel growth
**New UK–Japan Economic Partnership to Propel Growth** In a significant stride towards enhancing international economic relations, the UK and Japan…
Authentication methods: choosing the right type
Recommended authentication models for organisations looking to move ‘beyond passwords’.
Vulnerability Scanning: Keeping on top of the most common threats
Vulnerability Scanning solutions offer a cost-effective way to discover and manage common security issues.
Identifying suspicious credential usage
How NCSC guidance can help organisations detect and protect themselves from credential abuse.
ACD 2.0: Insights from the external attack surface management trials
We publish the results of our ACD 2.0 external attack surface management (EASM) trials
Statutory guidance: The Companies (Directors’ Remuneration and Audit) (Amendment) Regulations 2025
**Title: Understanding the Implications of the Companies (Directors’ Remuneration and Audit) (Amendment) Regulations 2025** The landscape of corporate governance in…
Making Principles Based Assurance a reality
An update on the work to make Principles Based Assurance (PBA) usable in practice.
There’s a hole in my bucket
…or ‘Why do people leave sensitive data in unprotected AWS S3 buckets?’
Equities process
Publication of the UK’s process for how we handle vulnerabilities.
Protecting system administration with PAM
Remote system administration provides powerful and flexible access to systems and services.
Supplier assurance: having confidence in your suppliers
Questions to ask your suppliers that will help you gain confidence in their cyber security.
Why cloud first is not a security problem
Using the cloud securely should be your primary concern – not the underlying security of the public cloud.
NCSC IT: There’s confidence and then there’s SaaS
Raising a cheer for SaaS vendors who respond to our cloud security principles.
New interactive video – and related downloads – to help secondary school kids stay safe online
A new initiative, aimed at 11 to 14-year-olds, that helps them navigate the risks of online life.
The future of Technology Assurance in the UK
Chris Ensor highlights some important elements of the NCSC’s new Technology Assurance strategy.
Guidance: Business payment practices and performance: reporting requirements
**Understanding Business Payment Practices and Performance: A Guide to Reporting Requirements** In today’s dynamic business environment, transparency and accountability are…
Accredited official statistics: Building materials and components statistics: February 2025
# Insights into Building Materials and Components: February 2025 The construction sector plays a pivotal role in the economic landscape,…
Promotional material: Transport security: an introduction to UK capability
**Transport Security: An Introduction to UK Capability** In an increasingly interconnected world, the safety and security of our transport networks…
Promotional material: Securing critical national infrastructure: an introduction to UK capability
### Securing Critical National Infrastructure: An Introduction to UK Capability In an age where threats to national security are increasingly…
Transparency data: DBT register of board members’ interests 2024 to 2025
**Transparency in Governance: The DBT Register of Board Members’ Interests 2024 to 2025** In an age where accountability and ethical…
Employment Rights Bill to boost productivity for British workers and grow the economy
**Title: How the Employment Rights Bill Aims to Enhance Productivity and Stimulate Economic Growth** In a significant move aimed at…
Making Work Pay: the application of zero hours contracts measures to agency workers
**Making Work Pay: Tackling One-Sided Flexibility in Zero Hours Contracts for Agency Workers** In recent years, the issue of one-sided…
Making Work Pay: collective redundancy and fire and rehire
### Making Work Pay: Collective Redundancy and Fire and Rehire In recent years, the landscape of employment practices in the…
Research: Agency worker survey report
**Understanding the Agency Worker Experience: Insights from the 2020 Survey** In recent years, the role of agency workers within various…
Guidance: Better Regulation Framework
**Title: Navigating the Better Regulation Framework: A Guide for Government Officials** In an ever-evolving regulatory landscape, government officials are often…
The near-term impact of AI on the cyber threat
An NCSC assessment focusing on how AI will impact the efficacy of cyber operations and the implications for the cyber…
Employment Rights Bill to boost productivity for British workers and grow the economy
**Title: Employment Rights Bill: A Catalyst for Productivity and Economic Growth** In a significant move towards enhancing the welfare of…
Cloud security made easier with Serverless
Our research shows that using Serverless components makes it easier to get good security in the cloud
Notice: Notice to exporters 2025/05: compound settlement offer for breaches of export control
### Notice to Exporters 2025/05: Compound Settlement Offer for Breaches of Export Control In a recent announcement, HM Revenue and…
NCSC For Startups: from HP Labs to Configured Things
Simon Arnell, co-founder of Configured Things, describes how the NCSC For Startups programme helped the company solve an intelligence community…
Employment Rights Bill to boost productivity for British workers and grow the economy
**Boosting Productivity and Economic Growth: The Employment Rights Bill** The UK Government is taking a significant step toward enhancing the…
Government to turbocharge defence innovation
# Government to Turbocharge Defence Innovation In an increasingly complex and volatile global landscape, the importance of robust national defence…
Principles and how they can help us with assurance
Explaining the forthcoming NCSC Technology Assurance Principles.
Government to take over redress for convicted postmasters from Post Office
**Title: Government Assumes Control of Redress for Convicted Postmasters** In a significant development, the UK government has announced that it…
Transparency data: DBT register of board members’ interests 2024 to 2025
**Title: Understanding the DBT Register of Board Members’ Interests (2024-2025)** In an era where transparency and accountability are increasingly demanded…
Transparency data: DBT commercial pipeline
**Understanding the Transparency Data: DBT Commercial Pipeline** The Department for Business and Trade (DBT) plays a pivotal role in shaping…
Policy paper: UK support to Ukraine: factsheet
**Title: A Comprehensive Overview of UK Support to Ukraine Following the Invasion** In recent years, the geopolitical landscape of Eastern…
Transparency data: Post Office Horizon financial redress data for 2025
### The Post Office Horizon Financial Redress for 2025: A Comprehensive Overview As the aftermath of the Post Office Horizon…
Guidance: Register of Overseas Entities: guidance on registration and verification
**Understanding the Register of Overseas Entities: Guidance on Registration and Verification** In an increasingly globalised world, the complexities surrounding property…
Transparency data: COVID-19 loan guarantee schemes repayment data: December 2024
**Title: Insights into the Performance of COVID-19 Loan Guarantee Schemes: December 2024 Update** As we approach the end of 2024,…
Transparency data: COVID-19 loan guarantee schemes repayment data: December 2024
### COVID-19 Loan Guarantee Schemes: Insights from the December 2024 Repayment Data As we approach the end of 2024, the…
Guns, knives, swords and other offensive weapons: UK border control
### Safeguarding the UK: Understanding Border Control on Firearms and Offensive Weapons In recent years, the issue of firearms and…
£230m DHL investment in Coventry to create hundreds of local jobs
### DHL’s £230 Million Investment in Coventry: A Boost for Local Employment In a significant development for the West Midlands,…
Our Collaborations With 
