Skip to content

Secure INNOVATION

NPSA NCSC
Last Updated 13 February 2025

Core Security Measures for Early-Stage Technology Businesses

Introduction

Secure Innovation aims to give early-stage emerging technology companies the motivation and tools to deliver effective protective security, increasing their resilience to state threats and their competitive advantage when attracting funding or customers.

Certain states go far beyond legitimate international competition, descending into theft of intellectual property and trade secrets, for their technological, economic and military advantage.  Given the UK’s strong record in research and development, and vibrant startup ecosystem, UK companies are likely to be particularly attractive targets to a wide range of threats. Early-stage tech companies, like all businesses, also face threats from cyber criminals, who look to exploit vulnerabilities to steal data, deploy ransomware or enable fraud.

The core security measures suggested below will help early-stage technology businesses protect their intellectual property, information, and data, increasing their competitive advantage and resilience to state threats. Actions 1.1 - 1.4 and 2.1 - 2.3 can be implemented very quickly at no cost. Actions 1.5 - 1.6, 2.4, and 3.1 – 3.2 are realistically achievable within six months.

Protective Security Measures

1 - Fundamental Actions

Requirement

Supporting Resources

1.1 Identify someone at Board level who is responsible for security Secure Innovation Quick Start Guide
1.2 Identify the assets which are critical to your business’ success

Secure Innovation Quick Start Guide

Asset Identification Guidance

Identifying the critical assets in your organisation | NCSC

1.3 Add security risks to your corporate risk register

Secure Innovation Quick Start Guide

Secure Innovation Scenarios Booklet

Risk management | NCSC

1.4 If your organisation has a public IP address or domain name, sign up to the NCSC’s Early Warning service Early Warning | NCSC
1.5 Complete the Secure Innovation Personalised Action Plan and follow the recommended actions Secure Innovation Personalised Action Plan
1.6 Attain Cyber Essentials Cyber Essentials | NCSC

2 - Strongly Advised Actions

Requirement

Supporting Resources

2.1 Conduct background checks on all prospective investors, suppliers and partners Secure Innovation Background Checks Guidance
2.2 Implement a travel security policy Secure Innovation Travel Security Guidance
2.3 Implement a pre-employment screening process for prospective employees Pre-employment screening good practice guidance
2.4 Use the NCSC’s ‘Check your cyber security’ service to identify any common vulnerabilities in your public-facing IT - and if any vulnerabilities are identified, follow the recommended steps to address these Check your cyber security | NCSC

3 - Security Incident Management and Response

Requirement

Supporting Resources

3.1 Have a clear incident management plan in place that is routinely exercised to test your response to common security threat scenarios

Secure Innovation Scenarios Booklet

Developing your Incident Response plan | NCSC

Exercise in a box | NCSC

3.2 Consider taking out a Cyber Incident Response (CIR) retainer with an NCSC assured provider Cyber Incident Response Scheme | NCSC

Implementation Support

Many of the security measures above are achievable quickly, with no security expertise required, at little to no cost. In addition to the supporting resources highlighted in the table, the below provide options for more hands-on support from assured or chartered security professionals. 

Support from assured or chartered security professionals

The NPSA has guidance on Working with Security Professionals

The NCSC’s Cyber Advisor scheme provides small and medium sized organisations with reliable and cost effective cyber security advice and practical support. 

Funded Support

NCSC Funded Cyber Essentials Plus: For organisations under 50 staff working in certain sectors, the NCSC is offering funding for Cyber Essentials Plus – details and applications are online.

Change Log

  • NPSA and NCSC may update these recommendations as new guidance and tools are created.
  • V1.0 of the guidance was published on 2nd September 2024.
Did you find this page useful? Yes No