Digital technology is transforming businesses, accelerating growth, improving efficiency and driving innovation. It is now fundamental to the functioning of most organisations and the subject of much investment, enthusiasm and discussion.
At the same time new regulations such as GDPR, as well as high-profile media coverage on the impact of cyber incidents, have raised the cyber security expectations of partners, shareholders, customers and the wider public. Cyber security is an important business risk and therefore it is crucial that organisations get to grips with it. The UK’s National Cyber Security Centre (NCSC) is here to help organisations do just that.
The NCSC is a part of GCHQ and the UK government’s technical expert on cyber security. We are dedicated to providing the support, guidance and tools needed to protect businesses and their customers from cyber attacks. There is a wealth of information on our website aimed at increasing resilience to cyber threats, and for larger organisations there are three tools in particular we would highlight.
The first is the Board Toolkit. We have developed this toolkit to support corporate board members in having effective discussions on cyber security, including questions to ask on key topics, such as implementing cyber security measures and responding to incidents, and a summary of relevant cyber security regulation of which board members should be aware.
Exercise in a Box, meanwhile, is our free online tool which helps organisations understand how prepared they are to manage and respond to cyber attacks. It provides exercises based on common cyber threats which organisations can practice in their own time, in a safe environment, as many times as they wish. The scenarios complement Cyber Essentials, a set of criteria against which organisations can demonstrate they have met core cyber security controls.
Finally, we have partnered with industry to develop the Cyber Information Sharing Platform (CiSP). This knowledge sharing tool allows UK-based members to exchange cyber threat information in a secure, confidential and dynamic environment, helping to increase situational awareness, build a cyber-aware culture and raise resilience of UK organisations.
At the NCSC, we want to support businesses in improving their cyber security, and we would encourage them to continue on this path. Ultimately, it is for the benefit of businesses themselves, their customers and the country as a whole.