Cyber defence entered NATO’s political agenda in 2002, following the ‘cyber-attacks’ against the Alliance’s networks during the Kosovo crisis. At that time the Alliance committed merely to developing technical defence capabilities. Since then the change in the intensity, sophistication and target-orientation of malicious cyber activities has led to a strategic shift in the perception of IT security. The cyber threats which post-industrial States are facing today pose a potential threat to national and international security. Accordingly, NATO has recognized cyber threats as one of the emerging security challenges of the Alliance. During the last decade, NATO has issued several strategic documents; introduced cyber defence structures at the political, operational and tactical levels; and has undertaken a range of activities in order to strengthen the level of cyber defence within the Alliance, national cyber defence capabilities and cooperation with partner nations, international organizations, industry and academia. The NATO Policy on Cyber Defence of 2011 states the foci and principles of NATO’s cyber defence. Therewith, the Alliance continues to define its niche within the cyber security endeavours of the international community and demarcates its tasks from the national responsibilities of its Member States. The current setup of NATO’s cyber defence shows a sophisticated and comprehensive approach, reflecting the organization’s mandate and nature. Importantly, the Alliance maintains strategic ambiguity on the question of the circumstances under which malicious activities constitute a situation pursuant to Article 5 of the North Atlantic Treaty. At the same time, it offers other cyber-crisis management mechanisms and assists its Member States and partner nations in strengthening their national cyber defence capabilities. The question arises, however, as to whether the Alliance is currently prepared to face the range of offensive cyber capabilities in the hands of super-empowered individuals, hacktivist groups and States. Due to the political nature of the organization, the current set-up shows a few deficiencies and the implementation of policy faces some practical challenges.