From Basics to Certification: Using the NCSC Cyber Action Toolkit to Improve Cyber Security

Cyber security is one of the biggest challenges facing small businesses today.  Criminals are increasingly targeting smaller organisations because they often lack the time, expertise, or resources needed to protect themselves online.

To help address this, the National Cyber Security Centre (NCSC) has launched the Cyber Action Toolkit, a free, easy-to-use resource designed specifically for helping small businesses, sole traders, and micro-organisations to improve their cyber defences.

What is the Cyber Action Toolkit?

The Cyber Action Toolkit is a straightforward digital programme that helps small businesses to take their first steps in building cyber resilience.  Rather than overwhelming users with technical jargon, it offers clear, personalised actions that are tailored to the size and needs of each organisation.

The toolkit was announced by the NCSC in October 2025 and was presented at the organisation’s Annual Review launch.  It is an initiative to support organisations that may not have dedicated IT teams but still need to protect their operations, people, and reputation from cyber threats.

Why It Matters for Small Businesses

Cyber risk is not just an issue for large corporations. Recent figures from the Cyber Security Breaches Survey show that 42 per cent of small businesses and 35 per cent of micro businesses reported some form of cyber breach in 2024. These incidents can lead to financial loss, disruption, damage to reputation, or loss of customer trust.

Many small business owners can find cyber security intimidating and often lack deep technical knowledge or extensive IT support. The landscape of tools and advice can feel overwhelming, especially if you are not familiar with IT. The Cyber Action Toolkit is designed precisely for this audience, aiming to change this by breaking down what is needed into simple and achievable steps so that you can take action without specialist skills.

What the Toolkit Offers

The Cyber Action Toolkit guides users through a series of actions that improve core areas of cyber protection. These are designed to be practical and relevant to everyday business operations. The toolkit’s recommendations are based on high-impact, low-effort actions that can noticeably strengthen security without requiring specialist knowledge.

The toolkit is arranged into three progressive levels:

• Foundation: where most businesses start with essential protective steps
• Improver: building on those basics to strengthen resilience further
• Enhanced: helping those ready to go beyond the essentials and adopt more advanced measures

This tiered structure helps users to track progress and understand what to do next at each stage.

Key features include personalised guidance, straightforward step-by-step actions and progress tracking.  These tools make the journey into cyber security feel less daunting for business owners who are new to the topic.

A Step Towards Cyber Essentials

While the Cyber Action Toolkit is designed as a starting point, it also prepares businesses for Cyber Essentials, a widely recognised, government-backed certification scheme. Cyber Essentials sets a basic standard of protection and can help organisations to win trust from clients and qualify for government contracts.

Completing actions in the toolkit can help you to build confidence and capability before pursuing formal Cyber Essentials certification.  This makes the toolkit a valuable first step in long-term cyber resilience planning.

Why Using the Toolkit is Worthwhile

Small businesses that use the Cyber Action Toolkit gain several advantages:

• A clear, structured starting point for improving cyber security
• Guidance tailored to their specific needs and maturity level
• Progress tracking that shows what they have achieved and what to do next
• A confidence boost as they begin to secure their business digitally

As the UK government and NCSC emphasise, taking simple protective actions now can significantly reduce the likelihood and impact of cyber-attacks.  The toolkit is designed to empower small business owners to take those actions confidently.

How to Get Started

The Cyber Action Toolkit is free and available online. To begin, business owners answer a few simple questions about their organisation. The toolkit then generates a list of tailored actions to help them improve cyber security in manageable steps.

This approach makes cyber security accessible to everyone, whether you have technical expertise or not. For many small businesses, it turns what once seemed complex and confusing into something practical and doable.

How AJC Can Help

At AJC, we can support small businesses at every stage of their cyber security journey. We can help organisations to understand their existing level of protection and identify the most important improvements to focus on. If you choose to act on the recommendations from the NCSC Cyber Action Toolkit, we can help guide you through implementation, ensuring changes are practical, effective, and proportionate.  For organisations aiming to achieve Cyber Essentials certification, AJC also provides hands-on support throughout the assessment and accreditation process, helping you to build stronger resilience and demonstrate your commitment to security to customers and partners.

Contact us on 020 7101 4861 or email us at info@ajollyconsulting.co.uk if you think we can help.

Sources:

https://www.ncsc.gov.uk/files/motivating-small-organisations-take-action.pdf

https://www.gov.uk/government/collections/cyber-security-guidance-for-business

https://www.techuk.org/resource/new-ncsc-toolkit-helps-small-businesses-take-first-steps-in-building-cyber-resilience.html

https://www.business.gov.uk/campaign/economic-security-advisory-service/cyber/

https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2025/cyber-security-breaches-survey-2025

Image accreditation: FlyD (February 2021). Last accessed on 12th December 2025. Available at: https://unsplash.com/photos/red-padlock-on-black-computer-keyboard-mT7lXZPjk7U