The Programme was developed in 2013 to help strengthen the UK’s cyber capacity, increasing knowledge and skills to protect the country from attack.
The Office recognises that some progress has been made in the government’s understanding of sophisticated threats to national security.
However, it believes the level of understanding of threats to wider public services is varied.
The report claims that exports in UK cyber products increased 22% between 2012 and 2013, but progress in encouraging this has been slow.
According to an NAO survey, the government currently has its poorest performance in the area of encouraging cyber trade and exports.
The organisation also believes progress has been made in encouraging both businesses and citizens to mitigate risks, including larger companies.
Although many large firms have taken steps to reduce cyber risk, the report says that there has only been a limited impact when it comes to targeting SMEs and Whitehall has had trouble communication guidance to them that meets their needs.
Despite varying degrees of progress in different areas of the UK cyber security strategy, the NAO praised the financial management of the National Cyber Security Programme, claiming the government is on track to spend the planned budget of £860m by March 2016.
The report concludes that the Programme has made good progress and continues to do so, but because cyber threats continue to evolve, the government must increase the pace of change in some areas to meet objectives.