Our Government Mission

Cyber Risk Score

A single intuitive score based on all the information our tools can gather about an organisation

 Cyber Toolkit is designed to help government departments and their local institutions, such as schools, clinics, council offices, and community health centers, to improve their cyber security with minimal resources. Many of these organisations handle highly sensitive information and are connected to large, centralised networks. However, they often lack the budget, expertise, or time needed to focus on cyber security.

Cyber Toolkit addresses these challenges by providing an easy-to-use platform with a wide range of tools and dashboards. It allows government departments to quickly assess the cyber security posture of all their local institutions from one place. The platform offers features like bulk management, customisable portals, and automated alerts, making it easier to detect and resolve issues as they arise. By streamlining cyber security management, Cyber Toolkit empowers organisations with limited resources to protect sensitive data and maintain strong, secure connections to central systems.
Cyber Toolkit can be used by local institutions across the country free of charge, offering a suite of easy-to-use tools that simplify the detection and resolution of cyber issues. Local institutions can also grant their national departments access to relevant cybersecurity data collected through the toolkit, helping them pinpoint nationwide vulnerabilities and deploy resources more effectively.
Our hope is that our Cyber Risk Score, a standardised metric for assessing organisational cyber risk, can become a universal measurement by which cyber risk and improvement progress are tracked. Unlike other cyber security platforms, Cyber Toolkit is designed specifically for ease-of-use by non-technical staff, ensuring that even small institutions can protect themselves without needing specialised expertise.

Register

This system does not officially launch until 11th March 2026. You are able to pre-register in advance by completing the below form and when the system officially launches you will get an email containing login instructions.

Any legitimate UK-based public or private sector organisation can sign up for Cyber Toolkit and begin using the tools free-of-charge. The sign-up process can be very quick if you are able to use a Companies House registration number, a UK school Unique Reference Number or an FCA Society Number to prove that the organisation you are signing up is real. If you are unable to use any of these you can request a manual creation, however this does require a manual approval by our team within UK office hours.

Organisation Type:

Replacing Public Services Being Cancelled

In March 2026, NCSC Web Check and NCSC Mail Check will be discontinued and Police CyberAlarm will be shut down for an as-yet undisclosed amount of time. Additionally, NCSC's DNS Check will only be accessible to select government domains, excluding .sch.uk. These changes mean that thousands of organisations will lose access to critical cyber security tools. Without these services, organisations may face increased cyber security risks and a reduced ability to monitor threats, making it harder to protect sensitive information and maintain secure operations.

Cyber Toolkit is able to fill the gap left by the discontinuation of services by offering a suite of cyber security tools free of charge. Every UK-registered organisation can access these tools without paying any fees. Government departments responsible for areas like education, healthcare, and public administration will be able to view and report on results for all their local institutions. National departments will have access to a centralised dashboard that allows them to monitor cyber security performance across all local institutions, enabling targeted support and efficient resource allocation.

Schools & The Education Sector

Our team has extensive experience working with schools and the broader education sector, giving us a deep understanding of this complex ecosystem. Schools manage their IT in a variety of ways, such as through managed service providers or multi-academy trust IT departments. Over the past five years, we have delivered cyber security services tailored to the unique needs of schools, which has allowed us to develop Cyber Toolkit as a system that supports every way of working schools require. Unlike other solutions, Cyber Toolkit is uniquely designed to accommodate the diverse IT management approaches found across schools, ensuring seamless integration regardless of existing systems.

Cyber Toolkit enables Multi-Academy Trusts to manage all their schools through a single, unified interface, featuring screens that summarise all schools in one dashboard and the ability to receive alerts on behalf of their schools. What sets Cyber Toolkit apart from other management platforms is its customisable dashboards, real-time threat alerts, and seamless integration with existing school IT systems. These capabilities empower both Multi-Academy Trusts and Managed Service Providers (MSPs) to efficiently oversee even thousands of schools from a single account, ensuring proactive risk management with minimal technical overhead.

National Level

National level reports can be automatically produced to show the current and historic cyber security posture of local institutions under the control of the national department, which may include private organisations where appropriate, such as Multi-Academy Trusts and GP surgeries. Any subscriptions to tool-specific scores and raw data by the national department require the permission of the local institution. Permission from local institutions is obtained through a formal consent process, ensuring transparency and compliance with data protection regulations. By aggregating cyber security data nationally, departments can identify trends, allocate resources more effectively, and support institutions in improving their security posture.

Local Level

Cyber Toolkit provides a wide range of free tools, as can be seen below, to organisations that might otherwise lack the funding or expertise to implement these locally. These ready-to-use tools require minimal technical knowledge and each generates a Cyber Risk Score, which helps identify national and regional trends in areas needing improvement or targeted action.

Some Tools Included

Vulnerability Scan

A scan to identify externally facing known vulnerabilities.

Automated Web Application Penetration Test

An automated method of identifying application security issues such as SQL injection and Cross-Site-Scripting (XSS).

External Port Scan

A scan of ports available externally to identify exposed dangerous services.

HTTP Header Audit

An audit of the headers returned by a web server to ensure they meet security best practices.

Email Security Audit

An audit of email security settings such as the use of encryption, DMARC, DKIM and SPF.

DNS Configuration Audit

An audit of DNS configuration settings to look for exposed internal assets and CDN misconfigurations.

Leaked Credential Check

A broad check across many data breaches on the clear web and darkweb check if an email address is included.

SSL Encryption Audit

An audit of the SSL encryption settings of a website or web application.

Gateway Security Monitoring

Detection on inbound attacks as well as outbound requests to known malware/ransomware servers.

Compliance Risk Assessment

Tools to help users prepare their readiness for Cyber Essentials including guidance.

Supplier Risk Assessment

An audit of the risk each declared supplier represents based on technical information gathered on that supplier.

Emerging Threat Notifications

Continuous monitoring of new registered vulnerabilities based on an asset register of used technologies.