NCSC launches ‘refreshed’ Cyber Security Board Toolkit
The National Cyber Security Centre (NCSC) has today launched its refreshed Cyber Security Board Toolkit. With the UK and US’s shared interest in raising awareness of good cyber security to boards on both sides of the Atlantic, the toolkit is being launched in collaboration with CISA, the NCSC’s US counterparts.
Originally published in 2019, the Toolkit has proved very popular with boards and it's their feedback – together with input from non-executive directors and NCSC’s embedded industry i100 team – that will ensure the Toolkit remains up-to-date, relevant, and framed in language that boards are familiar with.
The Toolkit helps boards ensure that cyber resilience and risk management are embedded throughout their organisations. It will help boards make informed cyber decisions that are aligned to their wider organisational risks, and ensure cyber security is assigned appropriate investment against other competing business demands.
What's new in this edition of the Toolkit
In each of the sections within the Board Toolkit you’ll find:
- bite-sized videos to provide boards with a quick overview of each module;
- essential activities that boards should expect to see in their organisation;
- indicators of success: a series of questions (with possible answers) that boards can use to help evaluate their organisation's performance – these are designed as a ‘starting point’ to encourage productive cyber security discussions between boards and key stakeholders; and
- benefits of cyber security for organisations.
New additions include:
- a sample script of questions to help board members establish if they have enough cyber security knowledge to ensure their organisation has the appropriate plans in place to mitigate threats;
- an executive summary that summarises each section of the Board Toolkit;
- use cases that draw on real-life incidents to bring the guidance to life; and
- a Board Toolkit podcast, with contributions from industry-leading voices including the NCSC's former Chief Operating Officer Paul Maddison.
What's not changing
The nine core themes in the modules haven’t changed. Board members have told the NCSC how much they like the questions and possible answers, so these have stayed the same and all the questions are available in a single PDF. Also still included (and updated) is the 'Introduction to cyber security for Board members' , which is useful to those who are new to the subject and need to quickly get up to speed.
techUK welcomes the updates to this important Toolkit which helps organisations to adopt a methodical and proactive approach to cyber security and outlines basic safeguards that can greatly reduce the likelihood – and impact – of cyber-attacks.
Jill Broom
Jill is techUK’s Programme Manager for Cyber Security and Central Government, supporting the work of both programme teams and promoting better engagement between the public and tech sectors.

Dan Patefield
Dan leads the techUK Cyber Security programme, having originally joined techUK in August 2017 as a Programme Manager working across the Cyber and Defence programmes. He is responsible for managing techUK's work across the cyber security eco-system, bringing industry together with key stakeholders across the public and private sectors. Dan also provides the industry secretariat for the Cyber Growth Partnership, the industry and Governmnet conduit for supporting growth across the sector. A key focus of his work is to strengthen the public-private partnership across cyber security to support further development of UK cyber security policy.
Freddie MacSwiney
Freddie MacSwiney is the Programme Manager for Defence and Cyber Security at techUK.
Raya Tsolova
Raya Tsolova is the Programme Manager for National Security at techUK.
Cyber Security updates
Sign-up to get the latest updates and opportunities from our Cyber Security programme.