What is the National Cyber Security Centre (NCSC) and what does it do?

A logo is displayed on a television screen in the National Cyber Security Centre (NCSC) on February 14, 2017 in London, England
(Image credit: Getty Images)

Whenever you’ve heard about a cyber attack on a UK institution, be it public, private, or third sector, you’ve likely also heard that the National Cyber Security Centre (NCSC) is involved in providing support. 

That’s because the center is the UK’s dedicated organization charged with protecting the country from cyber security threats. Acting as a bridge between industry and government, the NCSC provides vital security advice, support, and information on best practice for the public and private sector. 

Formed to act as a ‘technical authority’ for issues related to cyber security,  the NCSC is part of GCHQ, the UK’s intelligence and security agency. The NCSC was formally established in 2016, absorbing existing organizations such as the Computer Emergency Response Team (CERT-UK) and Communications-Electronic Security Group (CESG).

Since then, the NCSC’s responsibilities and scope have expanded significantly, largely due to the continually escalating cyber threat landscape that UK businesses and organizations are forced to contend with. 

Here’s everything you need to know about the NCSC. 

What does the NCSC do?

By its own definition, the NCSC provides a “single point of contact” for small businesses, large enterprises, government agencies, and the general public for all cyber-security-related issues or incidents. 

When a UK organization falls victim to a cyber attack, the NCSC provides critical incident response support to help alleviate the impact of an incident, coordinating with the affected business, law enforcement, and other UK authorities to assist with recovery. 

This support is provided through the Cyber Incident Response (CIR) scheme, originally aimed at assisting organizations operating in critical national infrastructure (CNI). It has since been expanded to include support for smaller enterprises

With small businesses and charities ranked among the most targeted organizations in the UK, the NCSC has expanded the scope of this program to provide more comprehensive support. Ransomware attacks against small businesses by groups such as LockBit are specifically on the rise and the NCSC has demonstrated a focus on alleviating this threat.

Recent instances of this support include the British Library ransomware attack, which saw the NCSC provide response and advice. 

NCSC training schemes

The agency provides more than just incident response support. A key focus for the NCSC centers around proactive actions to protect institutions across the country. 

This includes the publication of frequent threat advisories aimed at providing vital information for businesses to stay ahead of the curve and defend themselves. IN 2024 alone, the NCSC has published advisories on state-linked threat actors, so-called ‘living off the land attacks’, and attacks against CNI

The agency also provides best practice advice for businesses of all sizes across the UK. For example, the NCSC’s recent ransomware guidance urges organizations to cease ransomware payments to remove the incentive for threat actors to conduct these attacks.

In addition to its reactive and advisory roles, the NCSC provides educational programs to arm workers with the knowledge to spot and counter cyber threats. This includes its NCSC Certified Training program, which offers skills training for professionals already working in – or just joining – the cyber security industry. 

The NCSC runs practical training too, such as the Exercise in a Box scheme. This free-to-use exercise allows organizations to test their response to a cyber attack and fine-tune their processes in the event of an incident. 

In December 2023, the NCSC expanded this program in collaboration with CREST and certification organization, IASME. The Cyber Incident Exercising scheme gives users access to approved service providers from the security industry and provides bespoke, real-time cyber incident exercises. 

Supporting the cyber workforce of the future

With the UK contending with the well-publicized cyber security skills shortage, the NCSC has become a leading voice in the drive to encourage young people to take up careers in the industry. 

This includes the CyberFirst program, which aims to support students aged 11-17 to develop computing science and cyber skills with bursaries, free courses, and competitions. 

According to the NCSC, this program “provides opportunities for young people to explore their passion for tech by introducing them to the fast-paced world of cyber security”. 

The NCSC also runs the CyberFirst Girls competition, a competition for schoolgirls aged 12-13 intended to encourage more girls to aim for careers in tech and improve the share of women in cyber security in the long term.

Who leads the NCSC?

Ciaran Martin served as the first chief executive of the NCSC upon its formation in 2016. Martin had previously served as director of security and intelligence at the UK Cabinet Office from 2008-2011 and head of cyber security at GCHQ, a position from which he advocated for the creation of the NCSC. 


Throughout his tenure as CEO at NCSC, Martin oversaw the establishment of many of the programs and procedures the agency follows today and saw the UK’s cyber security preparedness ranking raised to first in the International Telecommunications Union (ITU)’s yearly index.

Martin left in August 2020 and has since expressed regret over the NCSC’s initial focus on state-sponsored cyber attacks at the expense of tackling organized cyber crime.

Since then, the agency has had several CEOs. Lindy Cameron succeeded Martin in 2020 and during her time in the role highlighted the immediate threat ransomware poses to the UK and how AI could increase the speed of CNI attacks.  

After Cameron announced her departure in December 2023, the post was filled by interim CEO Felicity Oswald, who continues to hold the role ahead of new chief executive Richard Horne taking the reins in the autumn of 2024.

Ross Kelly
News and Analysis Editor

Ross Kelly is ITPro's News & Analysis Editor, responsible for leading the brand's news output and in-depth reporting on the latest stories from across the business technology landscape. Ross was previously a Staff Writer, during which time he developed a keen interest in cyber security, business leadership, and emerging technologies.

He graduated from Edinburgh Napier University in 2016 with a BA (Hons) in Journalism, and joined ITPro in 2022 after four years working in technology conference research.

For news pitches, you can contact Ross at ross.kelly@futurenet.com, or on Twitter and LinkedIn.