National Cyber Security Centre

Large UK organisations offered ten steps to stay ahead of cyber threat

Refreshed 10 Steps to Cyber Security guidance released for cyber security professionals in large and medium sized organisations.


  • UK organisations offered refreshed guidance to stay ahead of emerging cyber threats
  • Renewed ‘10 Steps to Cyber Security’ advises on the growth of cloud services, the shift to home working, and the rise of ransomware
  • Advice updated on the first day of NCSC’s flagship CYBERUK 2021 ONLINE conference

CYBER security professionals at large and medium sized organisations were yesterday given access to a suite of refreshed guidance to help them stay ahead of current and emerging cyber threats.

The guidance, 10 Steps to Cyber Security, is a collection of advice from the National Cyber Security Centre – a part of GCHQ – that helps CISOs and security professionals keep their company safe by breaking down the task of protecting an organisation into ten components.

It is being unveiled during CYBERUK, a virtual gathering of thought leaders from the cyber security community, hosted by the NCSC.

The 10 Steps to Cyber Security, which were first published in 2012 and are now used by a majority of the FTSE350, have been updated to capture challenges posed by the growth of cloud services, the shift to large-scale home working, and the rise and changing nature of ransomware attacks.

Sarah Lyons, NCSC Deputy Director for Economy and Society, yesterday said:

“The cyber threat landscape is constantly evolving and that’s why it’s really important that all businesses understand their cyber risk.

“Our 10 Steps to Cyber Security has been – and continues to be – a fundamental guide for network defenders and this update demonstrates our commitment to securing the UK economy.

“Following our advice will reduce the likelihood of incidents occurring but also minimise impact when they do get through.”

The renewed ten components, all of which consider that home and mobile working is now the default for most large and medium sized organisations, cover:

  • Risk management
  • Engagement and training
  • Asset management
  • Architecture and configuration
  • Identity and access management
  • Vulnerability management
  • Data security
  • Logging and monitoring
  • Incident management
  • Supply chain security

The refreshed guidance, which can also be used by charities and public sector organisations, can be used in tandem with the NCSC’s Cyber Security Board Toolkit, which helps frame discussions between technical experts and the Board to ensure that online resilience is a high priority.

Smaller organisations and sole traders are encouraged to familiarise themselves with the NCSC’s Small Business Guide, which contains advice tailored to meet the specific challenges they face. However, the wider principles outlined in the 10 steps are applicable to all organisations.

