Understand Your Supply Chain Risk

Bulk Upload

Quickly upload all suppliers via a spreadsheet. You will need your suppliers registered number, website and contact details

Immediate Score

Receive an initial score for every supplier based on Open Source data and an overall Supplier Risk Score for your organisation.

Subscribe

Continuously subscribe to supplier data and get alerted to significant changes in your supplier risk score.

Register

This system does not officially launch until 11th March 2026. You are able to pre-register in advance by completing the below form and when the system officially launches you will get an email containing login instructions.

Any legitimate UK-based public or private sector organisation can sign up for Cyber Toolkit and begin using the tools free-of-charge. The sign-up process can be very quick if you are able to use a Companies House registration number, a UK school Unique Reference Number or an FCA Society Number to prove that the organisation you are signing up is real. If you are unable to use any of these you can request a manual creation, however this does require a manual approval by our team within UK office hours.

Organisation Type:

The Supply Chain Problem

The rate and severity of cyber attacks targeting the supply chain of intended victims has increased every year since 2016, when the Panama Papers cyber breach gained significant media attention. Notable incidents such as the SolarWinds breach in 2020 further illustrate how supply chain attacks can compromise sensitive information across multiple sectors. This dangerous attack trend represents a significant risk to the UK's largest organisations, government institutions, Critical National Infrastructure (CNI), and individuals.

To protect key institutions and the nation overall, it is crucial to strengthen cyber security standards among the smaller organisations that form the supply chain. To address this need, schemes such as Cyber Essentials have been developed to help small businesses implement fundamental security controls that safeguard against approximately 80% of common cyber attacks. Cyber Essentials is a government-backed certification scheme that outlines core cybersecurity practices every organisation should follow.

Similarly, Cyber Toolkit is designed to support this same goal by offering a suite of technical tools and resources tailored specifically for smaller organisations. While Cyber Essentials focuses on certification and setting minimum standards, Cyber Toolkit provides actionable tools and guidance to help small businesses assess, improve, and manage their cyber security posture, making it easier for them to identify issues and take corrective action.

When you add suppliers to Cyber Toolkit, they receive an email notification. The email informs them that your organisation has granted them access to a range of free cyber security tools. These resources include vulnerability scanners, risk assessment checklists, and guidance documents specifically tailored for small organisations. The tools help suppliers identify cyber security issues and provide advice to resolve them. This visibility is especially important for small organisations without dedicated cyber teams or enterprise tools. By using these resources, suppliers can proactively address their cyber security challenges.

Cyber Toolkit enables organisations to support their suppliers by providing resources and self-assessment tools that help them become aware of cyber security risks, evaluate their own environments, and address vulnerabilities. By empowering suppliers to recognise issues and implement targeted improvements, Cyber Toolkit helps your organisation reduce overall cyber risk.

A Supplier's Cyber Toolkit Journey

The journey for a supplier starts with you, sign up your organisation for Cyber Toolkit using the form on this page. Once your access has been approved you can log in and make use of all tools within Cyber Toolkit, including the Supply Chain Risk Assessment tool.
The next step is to upload your suppliers. Cyber Toolkit provides you with a spreadsheet template and an upload facility in addition to being able to add suppliers one-by-one. All suppliers must have a registered company number or government unique reference number, a website and a contact email address. Suppliers are organised into Tiers based on the level of access they have to your computer network, systems and data.
As soon as suppliers are added to Cyber Toolkit the system begins an Open Source Intelligence (OSINT) assessment of their organisation, this includes many technical checks that do not make contact with the organisation in any way. The scores from these checks are added together to create a Cyber Risk Score for each supplier which can be used to quantify the risk the whole supply chain represents. This assessment is initiated immediately and results are available shortly after upload.
All suppliers uploaded will be notified that they have been added to the system as a supplier and made away of the array of tools now available to them free-of-charge. The supplier can activate assessment and monitoring tools which will contact their assets to assess their security, these tools produce recommended actions which, if followed by the supplier, will improve their cyber security and reduce your supply chain risk. Suppliers will also have access to assurance tools to help with Cyber Essentials preparedness, a certification proven to improve cyber security.
You are able to request a permanent subscription to the Cyber Risk Scores for supplier organisations. The overall Cyber Risk Scores of a supplier can be subscribed to without any interaction from the supplier. It is also possible to subscribe to the scores, and even the raw results, of individual tools for a supplier organisation, however this will require the supplier to approve your subscription request. Scores that are subscribed to will be stored over time to quantify improvements made.