NCC Group is a global cyber security and software resilience company with a mission to create a more secure digital future. The company aims to help organizations identify, assess, mitigate, and respond to cyber risks. Its core business revolves around assessing, developing, and managing cyber threats for a wide range of clients, including global technology firms, financial institutions, and government bodies. NCC Group’s services encompass software escrow, verification, and cyber security consulting.
The company is recognized as a global expert in cyber security and risk mitigation. It operates across numerous sectors and geographies, providing solutions to protect clients’ brand, value, and reputation from the constantly changing landscape of cyber threats. As a research-driven firm, NCC Group’s consultants are also active researchers, ensuring its services are informed by the latest developments in cyber security. The company is listed on the London Stock Exchange and is a constituent of the FTSE 250 Index.
Offerings, Capabilities, and Integrations
NCC Group is a global cyber security and software resilience company with two main business divisions: Cyber Security and Escode. The company’s offerings are built on a foundation of research-driven threat intelligence and decades of experience, which allows it to provide customized and comprehensive security solutions. NCC Group’s ability to deliver end-to-end cyber security capabilities, from proactive prevention to incident response and recovery, gives it a competitive edge. This comprehensive approach, combined with deep advisory expertise, helps organizations strengthen their cyber security posture and manage risk effectively. The company’s reputation is built on its technical expertise and its role as a trusted advisor to both leading companies and governments.
Products and Services
NCC Group provides a wide range of products and services designed to address various aspects of cyber security and software resilience. These can be broadly categorized into the following areas:
- Cyber Security Services: This is NCC Group’s largest division and includes a comprehensive suite of services to help organizations identify, assess, mitigate, and respond to cyber threats. Key services include:
- Technical Assurance: This involves a variety of testing services to identify vulnerabilities, such as penetration testing, application security testing, and hardware and embedded systems security.
- Consulting & Implementation: NCC Group offers expert advice and hands-on support for implementing security controls and strategies, including identity and access management, operational technology security, and risk and compliance.
- Managed Services: The company provides 24/7/365 security monitoring and management through its Managed Extended Detection & Response (MXDR) services. This includes Managed Detection and Response (MDR), which integrates security information and event management (SIEM), endpoint detection and response (EDR), and network detection and response (NDR). A key offering is the Unified Cyber Platform (UCP), an AI-powered platform that integrates with a client’s existing technology stack.
- Incident Response: NCC Group provides expert-led crisis management and recovery guidance in the event of a cyber attack.
- Threat Intelligence: The company offers actionable intelligence on cyber threats and adversaries to help organizations with proactive defense.
- Escrow and Verification (Escode): This division, which was recently rebranded from NCC Group Software Resilience, is a market leader in software escrow services. Its primary service is to protect and verify the source code of business-critical software, ensuring business continuity for the end-user in case of supplier failure. Escode provides a variety of escrow agreements and verification testing to ensure the usability of the deposited materials.
A notable recent development is the launch of the Unified Cyber Platform (UCP) which underpins its MXDR services. The company is also launching new global practices in Digital Identity and Operational Technology.
Target Customers
NCC Group serves a diverse global client base across a wide range of sectors. The company works with some of the world’s leading companies, as well as governments and public sector organizations. Key target industries include:
- Financial Services
- Technology, Media & Telecommunications
- Retail & Consumer Markets
- Public Sector & Government
- Transport
- Energy & Utilities
- Manufacturing
- Legal & Professional Services
These organizations benefit from NCC Group’s services by gaining assurance that their digital assets are secure and resilient. For businesses, this means protecting their brand and reputation, ensuring operational continuity, and enabling innovation with confidence. For government and public sector clients, NCC Group acts as a trusted advisor on cyber strategy and policy. The company’s services help clients manage risk, comply with regulations, and build a strong security posture in an increasingly complex digital world.
Cloud Integrations and Marketplaces
NCC Group has a presence on the Amazon Web Services (AWS) and Microsoft Azure marketplaces, offering a range of its security services directly to cloud customers. The company also has partnerships and provides services related to Google Cloud, though it does not have listings on the Google Cloud Marketplace.
Amazon Web Services (AWS) Marketplace
NCC Group provides several services through the AWS Marketplace. These offerings are designed to help organizations protect their AWS environments and ensure the resilience of their applications.
- Escrow as a Service (EaaS): This service is designed to provide business continuity for users of third-party software by ensuring that critical applications, code, and data are accessible in the event of service disruption. It helps software vendors build trust with their customers by mitigating risks associated with software supply chains.
- DDoS Assured Service: As an AWS-approved DDoS Test Partner, NCC Group offers this service to simulate DDoS attacks in a controlled environment. This helps organizations test their defenses and understand how their people, processes, and technology will respond to an actual attack.
- Network Penetration Testing: This service provides customized penetration testing to identify and address security vulnerabilities in an organization’s network infrastructure.
- Cloud Security Architecture Assessment: This offering helps ensure that security is integrated into the design of an organization’s cloud architecture from the beginning.
- Cloud Security Assessment Review: NCC Group reviews an organization’s AWS cloud services and processes to identify and highlight security weaknesses.
Microsoft Azure Marketplace
On the Microsoft Azure Marketplace, NCC Group offers solutions that integrate with Microsoft’s security ecosystem.
- NCC Group Managed Extended Detection and Response (MXDR): This is a Microsoft-verified managed service that provides 24/7 proactive threat hunting, monitoring, and response. It integrates with the Microsoft Security platform, including Microsoft 365 Defender and Microsoft Sentinel, to provide comprehensive security coverage. The service aims to reduce the risk and impact of cyber breaches through custom integrations and automated enrichment.
- Microsoft Sentinel: 3-Week Workshop: This workshop is designed to help organizations understand the features and benefits of Microsoft Sentinel and Microsoft XDR. It includes a deep analysis of cyber threats, actionable recommendations, and the development of a deployment roadmap.
- Cloud Platform Assessment – Azure: This service provides assurance that an organization’s Azure cloud services, including Microsoft 365, are deployed and operated securely. It involves a review of security configurations and licensing arrangements.
Google Cloud Marketplace
NCC Group does not have any product or service listings on the Google Cloud Marketplace. However, NCC Group is a Google MASA (Mobile Application Security Assessment) Authorized Lab Partner and a Google CASA (Cloud Application Security Assessment) Authorized Assessor, indicating a partnership focused on application security assessments for applications on the Google platform.
Key People
- Non-Executive Chairman: Chris Stone
- Chief Executive Officer: Mike Maddison
- Chief Financial Officer: Guy Ellis
- Chief Operating Officer: Kevin Brown
- Chief Technology Officer: Siân John
- Chief Commercial Officer: Peter Vorley
- Senior Independent Non-Executive Director: Julie Chakraverty
- Independent Non-Executive Director: Mike Ettling
- Managing Director (Escode): Jayesh Patel
Key Facts
- Headquarters: Manchester, United Kingdom.
- Number of Employees: Approximately 2,200-2,433.
- Annual Revenue: £429.5 million (2024).
- Parent Company: None.
- Subsidiary Companies: NCC Group has made numerous acquisitions, including Fox-IT, Adelard LLP, and the Intellectual Property Management business from Iron Mountain. A full list of affiliates includes NCC Group Security Services Ltd. (United Kingdom), NCC Group Pty Limited (Australia), Fox-IT B.V. (Netherlands), and NCC Group Security Services Inc. (United States).
- Publicly Listed: Yes, on the London Stock Exchange.
Analyst Recognition
International analyst groups recognize NCC Group for its cybersecurity services.
- IDC: The firm named NCC Group a “Leader” in its IDC MarketScape: European Managed Detection and Response (MDR) Services 2024 Vendor Assessment. IDC highlighted NCC Group’s long history in cybersecurity, technical capabilities, and its strengths in the U.K. and Benelux regions. The report suggests that government and higher education sectors should consider NCC Group.
- Forrester: This analyst firm identified NCC Group as a “Strong Performer” in its Forrester Wave™: Cybersecurity Consulting Services In Europe, Q1 2024 report. Forrester noted that NCC Group excels in understanding the needs of CISOs and building strong customer relationships. The report also praised the expertise of its subsidiary, Fox-IT, in threat and incident response.
- Gartner: NCC Group is listed in the “Application Testing Services, Worldwide” category on Gartner’s Peer Insights platform.
There is no available information indicating recognition of NCC Group by the Everest Group.
