CyberUK 2021: NCSC encourages startups to invest in cyber

The National Cyber Security Centre (NCSC) – alongside the Centre for the Protection of National Infrastructure (CPNI) – has issued new bespoke cyber security guidance for technology startups, aimed at protecting the UK’s valuable and innovative startup community from cyber attack by malicious actors, even nation-states, hell-bent on stealing their intellectual property.

Launched at the agency’s flagship CyberUK 2021 event, the guidance encourages startups to take steps to strengthen their defences, acknowledging in particular that those working in emerging technologies, such as artificial intelligence or quantum technology, may be particularly at risk.

“The UK has one of the world’s best startup ecosystems, which makes companies working in emerging technologies a target for hostile actors,” said the NCSC’s Ian Levy.

“That’s why alongside CPNI we have created bespoke guidance which aims to show these companies what good physical and cyber security looks like and how to implement it,” he said. “Putting good security in place now is a sound investment for these companies, helping lower the risks of future disruption and enhancing their attractiveness to investors.”

A CPNI spokesperson added: “UK startups and scaleups raised record investment in 2020, closing nearly £11bn in venture-capital funding, despite the obvious challenges. A large part of this success story is how open and engaging UK businesses have always been with their international partners. As new markets continue to emerge, so will the potential threats to companies’ intellectual property and ideas at the hands of hostile states, criminals and competitors.

“Developed in partnership between CPNI and NCSC and aimed at companies in emerging technology, Secure Innovation provides a holistic approach to all aspects of security, ensuring that good cyber principles are not undermined by physical and people risks which could threaten the success of a startup if not managed well from the outset. 

“Based on CPNI and NCSC’s technical expertise in protective security, this guidance provides the tools to establish simple, low-cost and pragmatic security-minded behaviours from the outset, making protecting their innovation and ingenuity as easy as possible.”

Developed alongside emerging tech companies, the Secure Innovation guidance package highlights at its core the importance of laying down strong security foundations that are capable of cost-effective and proportionate evolution as the company grows. This is particularly important when choosing partners to collaborate with, and expanding into markets beyond the UK.

It is aimed at founders and chief executives of startup businesses, and sets out how security can be integrated into the organisation’s culture. It advocates for security-centric risk management in supply chains, networks, information and data security, people and physical security, and cloud computing.