Active Cyber Defence (ACD) – The Third Year
Summary
The third annual report on the National Cyber Security Centre’s Active Cyber Defence (ACD) programme covers activity during 2019 and explains how the programme reduced common online harms at scale. It summarises progress across existing services and introduces newer work from 2019, with evidence of impact and transparency about methods.
Key Points
- The ACD programme aims to ‘protect the majority of people in the UK from the majority of harm caused by the majority of cyber attacks the majority of the time’.
- The report covers the 2019 calendar year and provides a public account of ACD activity and effectiveness.
- The Takedown Service continued to substantially reduce malicious activity online and adapted to changing attacker behaviours.
- DMARC adoption progressed; the NCSC improved its approach to coaching organisations through adoption and continues to monitor email-security standards.
- A prototype capability was developed to detect subdomain hijack vulnerabilities at scale.
- ACD operates in an automated, scalable way to remove the burden of action from end users and take down attacks before they reach citizens, institutions or businesses.
- The full report is available as a downloadable PDF from the NCSC site.
Content summary
The report provides an overview of each ACD service active in year two and details new work from 2019. It highlights measurable outcomes — notably from the Takedown Service and progress on email security (DMARC) — and describes development of tools such as large-scale subdomain-hijack detection. Throughout, the emphasis is on scalable, largely automated defences that protect users without requiring action from them.
Alongside achievements, the report aims to be transparent about methods and effectiveness, offering the sector insight into what works when defending at scale and where further improvements are being pursued.
Context and relevance
This report is important for cyber-security professionals, public-sector teams, and organisations of all sizes because it demonstrates practical, operational defences that reduce common threats automatically. It ties into broader trends in automated defence, external attack-surface management and email hardening — areas that remain high priority for risk reduction and incident prevention.
Why should I read this?
Quick answer: if you care about stopping common online attacks cheaply and at scale, this is a tidy summary of what actually worked in 2019. It shows proven, low-friction interventions (takedowns, DMARC nudges, vulnerability scanning) that you can learn from or align with — especially useful if you’re responsible for organisational security or policy.
Author note
Punchy take: this isn’t academic fluff — it’s operational stuff that made a difference. Read the full PDF if you run security for an organisation or want evidence-backed measures you can advocate for internally.
Source
Source: https://www.ncsc.gov.uk/report/acd-report-year-three