New NCSC toolkit helps small businesses take first steps in building cyber resilience

The Cyber Action Toolkit provides small businesses with a practical starting point for building cyber resilience

The National Cyber Security Centre (NCSC) has reinforced its commitment to small businesses with the launch of the Cyber Action Toolkit. Announced on 14 October at the NCSC’s Annual Review Launch, the toolkit offers sole traders, micro businesses, and small organisations the essential resources they need to protect their people, finances and reputation from the growing wave of cyber threats.

Recent figures reveal that 42% of small businesses reported a cyber breach in 2024, while 32% of micro businesses experienced phishing attacks. The NCSC is urging organisations to “act now” to strengthen their cybersecurity and ensure their defences are up to date. The Cyber Action Toolkit is designed to be the first step in that journey - helping businesses kickstart their cyber resilience, both internally and across their supply chains.

The toolkit provides personalised recommendations tailored to the size and needs of each enterprise, focusing first on high-impact and low-effort actions. Its tiered structure - Foundation, Improver and Enhanced - allows users to track progress and celebrate milestones as they advance through the programme.

Key features include:

• Free, tailored cybersecurity guidance
• Step-by-step actions based on business size and maturity
• Progress tracking with built-in gamification

The Cyber Action Toolkit empowers small businesses to gain the knowledge and confidence required to progress towards Cyber Essentials—the government-backed certification intended to establish a baseline standard for cyber resilience across the UK.