Resources designed to help board members govern cyber risk more effectively. The NCSC’s Board Toolkit helps boards to ensure that cyber resilience and risk management are embedded throughout an organisation, including its people, systems, processes and technologies. You can access the resources here: https://www.ncsc.gov.uk/collection/board-toolkit/toolkits-toolbox

A Cyber Security Evaluation, Tool Built for SMEs Essential Actions to Build Cyber Security Resilience The NCSC My Cyber Toolkit helps organisations improve their cyber security. Through this online tool, Small, Medium Enterprises (SMEs) are asked targeted questions to assess their current security status. They are then provided with recommendations to address security vulnerabilities, identify weaknesses, implement stronger protections, and build resilience against cyber threats. • How it works: https://cybertoolkit.service.ncsc.gov.uk/about Help & support: https://cybertoolkit.service.ncsc.gov.uk/support You can access a beta version of My Cyber Toolkit here: https://cybertoolkit.service.ncsc.gov.uk/layer/foundation

SME Cyber Security Resilience Project The SME Cyber Security Resilience Project adopts an integrated academic-industry approach that aligns project deliverables with natural academic cycles, while maintaining continuous progress toward improving SME security postures. This approach is designed to address several fundamental challenges in the cyber security ecosystem: 1. Resource Asymmetry: SMEs face sophisticated threats but lack dedicated security resources. Collaborative academic and industry activities, aims to create a sustainable force multiplier, in working towards effective security implementation. 2. Knowledge Transfer Gap: Traditional security consulting models often fail to build lasting capabilities within SMEs. This project emphasises the need for SME skill development and knowledge transfer, to create sustainable security practices. 3. Implementation Barriers: Security tools designed for enterprises are typically inappropriate for SME environments. For example, they may be too costly, require specialist expertise to deploy and maintain, or are may be a mismatch in terms of requirements. The methodology for this project focuses on adaptation and simplification of existing open-source tools to match SME operational realities. 4. Talent Pipeline Challenges: According to the Cyber security skills in the UK labour market 2024 report, the cyber security sector faces a significant skills shortage. Integrating real-world projects into academic programs, aims to address this gap while providing immediate value to vulnerable businesses. Stakeholder Benefits Small and Medium Enterprises • Immediate Security Improvements: Access to security assessment, monitoring, and implementation assistance that would otherwise be unaffordable • Knowledge Development: Gradual building of internal security capabilities through sustained engagement with academic and professional partners • Cost-Effective Solutions: Security implementations tailored to SME budgetary and operational constraints • Regulatory Compliance: Assistance meeting increasingly stringent security requirements across various industries • Business Resilience: Reduced vulnerability to business-threatening security incidents through improved prevention, detection, and response capabilities • Competitive Advantage: Security credentials that can differentiate participating SMEs in their markets Students • Real-World Experience: Hands-on application of security concepts in authentic environments with actual consequences • Career Development: Portfolio-building opportunities and professional network expansion • Cross-Disciplinary Collaboration: Experience working across technical, business, and communication domains • Employment Pathways: Direct connections to potential employers in both SME and security sectors • Academic Integration: Ability to fulfill course requirements while contributing to meaningful external projects • Technical Skill Development: Practical experience with industry-recognised tools and methodologies Academic Institutions • Enhanced Curriculum Relevance: Integration of current industry challenges into teaching materials • Research Opportunities: Access to real-world data and implementation environments • Industry Partnerships: Strengthened connections with private sector organisations • Student Recruitment: Enhanced appeal to prospective students seeking practical experience • Funding Pathways: Potential for industry and grant funding based on demonstrated impact • Community Engagement: Fulfillment of institutional missions to support regional economic development Cyber Security Professionals • Knowledge Sharing: Platform for sharing expertise with the next generation of security practitioners • Tool Development: Collaborative environment for adapting and improving open-source security tools • Professional Development: Opportunities to develop mentoring and leadership skills • Network Expansion: Connections with academic institutions and regional businesses • Industry Recognition: Acknowledgment of contributions to improving the broader security ecosystem • Talent Pipeline: Access to students with demonstrated skills for future recruitment Regional Economy • Ecosystem Resilience: Improved security posture across multiple business sectors • Talent Retention: Incentives for skilled graduates to remain in the region • Innovation Stimulus: Cross-pollination of ideas between academic and business environments • Economic Security: Reduced financial impact from security incidents affecting regional businesses • Competitive Positioning: Enhanced reputation as a security-conscious business environment • Knowledge Economy Growth: Development of specialised expertise in adapting security for resource-constrained environments Long-Term Sustainability The integrated approach in this project creates a foundation for long-term sustainability by: 1. Building Institutional Memory: Comprehensive documentation and knowledge transfer processes ensure continuity across academic cycles 2. Creating Modular Components: Technical implementations are designed for incremental improvement rather than wholesale replacement 3. Developing Governance Structures: Clear roles and responsibilities maintain momentum during transition periods 4. Establishing Value Exchange: Each stakeholder receives specific, measurable benefits, creating incentives for continued engagement 5. Measuring and Communicating Impact: Regular assessment and reporting demonstrate value to all participants