UK NCSC, NPSA launch Secure Innovation campaign to protect tech startups | CSO Online

UK NCSC, NPSA launch Secure Innovation campaign to protect tech startups | CSO Online

The UK National Cyber Security Centre (NCSC) and the National Protective Security Authority (NPSA), part of security agency MI5, have launched a new awareness campaign to encourage the UK’s emerging tech sector to protect and secure their innovations. The campaign consists of a suite of guidance that offers best-practice advice on keeping ideas safe.

A free Quick Start Guide is available to help those without extensive security expertise take the first steps toward protecting their innovations. Beyond this, the Secure Innovation website hosts more detailed advisories for businesses and investors, suggesting ways to bolster their protections against threats.

Startups are notoriously prime targets for cybercriminals, yet few of them are fully prepared for an attack. Research from Cisco and the National Center for the Middle Market found that 62% of small and midsize businesses (SMBs) don’t have an up-to-date or active cybersecurity strategy. Meanwhile, the National Cyber Security Alliance has previously referenced that 60% of SMBs that are hacked go out of business within six months, although it has recently backpedalled on this in favour of more current and clearly sourced data.

Security guidance centres on three key steps

“Security is a necessary investment for a tech startup. It will evolve as your company grows, but laying strong foundations from the start will help to protect your business from the get-go,” read the NCSC/NPSA guidance. “Putting protections in place now will save you time and stress further down the line and will give you peace of mind that your valuable assets are secure.”

The advice centres around three key steps for appointing a security lead, identifying and documenting key assets, and assessing a business for security risks.

Having a senior representative take ownership of security means it will be factored into all future business decisions, giving reassurance that it is always top of mind and won’t slip to the bottom of the priority list, the guidance stated. “Starting a conversation about security right from the start is a great step towards creating a positive security culture that will evolve as your business grows and will help your team to learn from any security incidents should they arise.”