Secure Innovation Security Review Scheme: don’t wait to protect what you’re building
If you’re an early-stage tech company, your most valuable assets are the ones attackers can’t see on your balance sheet: your IP, your data and your ideas that give you an edge.
Those are exactly what state threat actors and state-backed competitors are targeting.
To help you stay ahead of these threats, the UK government has launched the Secure Innovation Security Review Scheme. For a limited number of organisations, the government is partially-funding expert security reviews delivered by approved assessors like us.
What is the Secure Innovation Security Review Scheme?
The scheme has been developed by the UK’s National Protective Security Authority (NPSA) and National Cyber Security Centre (NCSC) under the Secure Innovation campaign.
The goal is to help founders and leaders of innovative early-stage tech companies protect their IP, competitive advantage and reputation from common and state-linked threats.
Through the scheme, up to 500 early-stage tech organisations can access a comprehensive security review at a fraction of the normal cost:
- Your organisation contributes £500
- The remaining £2,500 is covered by government funding.
What does the security review cover?
As an approved security reviewer, we work with you to assess your current position and provide tailored recommendations against a framework developed by the NPSA and NCSC.
The review gives you holistic protective and cyber security advice, with a specific focus on how to protect your innovation and IP.
The review will cover:
- Protective security governance
Who owns security, how decisions are made and how risks are managed. - Risk and incident management
How you identify key threats, prioritise risks and respond when an incident occurs. - Security culture
Awareness, behaviours and how your people handle sensitive information. - Cyber security
Practical controls around access, devices, cloud services and critical systems. - Supply chains and partnerships
How you manage security in collaborations, vendors and strategic partners.
The outcome is not just a list of controls; it is a focused set of pragmatic, prioritised actions designed for early-stage companies.
Why this matters for early-stage tech companies?
As an early-stage company, you are likely to find yourself in a difficult position, such as:
- You’re highly innovative and visible but may not yet have mature security functions.
- You’re working on high-value IP that is strategically interesting to hostile states and competitors.
- You’re dependent on trust from investors, customers and collaborators.
Security incidents at this stage can be devastating. They can derail funding rounds, damage investor confidence and slow down customer acquisition.
The Security Review Scheme is designed to ensure that security becomes a strategic enabler, not just a tick-box exercise. By demonstrating you understand and are managing key risks, you strengthen your position with investors and customers alike.
Eligible sectors
The scheme is aimed at organisations operating in sensitive and high-value technology areas covered by the National Security and Investment Act and the UK Industrial Strategy.
Under the National Security and Investment Act, eligible sectors include:
- Advanced materials (including semiconductors)
- Advanced robotics
- Artificial intelligence
- Civil nuclear
- Communications
- Computing hardware
- Critical suppliers to government
- Cryptographic authentication
- Data infrastructure
- Defence
- Energy
- Military and dual-use
- Quantum technologies
- Satellite and space technologies
- Suppliers to the emergency services
- Synthetic biology
- Transport
Under the UK Industrial Strategy, eligible sectors also include:
- Advanced manufacturing
- Clean energy industries
- Defence
- Life sciences
If your organisation operates in or supports any of these areas, you are likely to be within scope for the scheme.
Proven impact: what previous participants said
In the pilot phase of the scheme:
- 98% of participants reported that, following the review, they felt they had sufficient knowledge to identify security threats to their business.
- 89% said that their £500 contribution represented value for money.
Founders left the process better informed, more confident and with a clear plan of action to improve their security maturity.
How can Moore Kingston Smith help?
As one of the approved assessors for the Secure Innovation Security Review Scheme, our role is to guide you throughout the entire journey. Here is how we work:
- Understand your business and your innovation
- Conduct a structured review against the NPSA/NCSC framework
- Provide clear, prioritised recommendations
- Position security as an asset, not a hurdle
- Six-month progress check-in
Bonus: Cyber Essentials voucher
To help you move toward Cyber Essentials (the NCSC’s recommended minimum standard), each organisation completing a security review will receive a £300 voucher once the report has been submitted.
For your £500 contribution, you receive a government-funded review worth £3,000 including £300 off progressing to recognised Cyber Essentials certification.
Get in touch
If you would like to learn more about the scheme or are looking to apply for the grant, please contact us to arrange a short introductory call.
