CBN Newsletter | August 2025

Our monthly update to bring you the relevant, high-level policy and business news from across the cyber sector. 

This month, we take a look at the Government’s overview of submissions to the Ransomware Consultation, Government Resilience Action Plan, and a raft of other public and private sector announcements.

If you have any questions about the content, or believe we should add to our coverage, please do not hesitate to get in touch. 

never miss a thing

Sign Up to Hear about News and events

Sign up

Headlines

Consultation response: Ransomware

Following on from the consultation in the Spring, Ransomware: proposals to increase incident reporting and reduce payments to criminals, the Home Office has published an overview of submissions and its response. 

Overall, the feedback on the proposals was “positive and constructive”, and the Government intends to move forward with all three of its proposals, bringing in legislation around this.  

The Government has promised to publish “detailed guidance” before new reporting obligations come into force, as concerns from the NCA and other groups remain that these proposals may not have the deterrent effect the Government is hoping for. A representative from RUSI noted that the ransomware ban might not have the desired effect of deterring criminals from attacking UK CNI, and in fact make it harder for businesses to recover; he also called for more resources for the NCSC and NCA to cope with the increase in reporting.  

In addition, the Home Office is also reviewing the Computer Misuse Act (1990) and an update to this may be introduced alongside ransomware legislation. 

Research conducted by Commvault has found that 75% of UK business leaders would risk criminal charges and break a ransomware payment ban if it applied to the private sector. The study, which surveyed leaders from companies valued at over £100 million, interestingly also revealed that 96% believe such payments should be banned across both the public and private sectors.

Government Resilience Action Plan

The Cabinet Office has published its new “Government Resilience Action Plan”, outlining a strategic approach to enhancing the nation’s preparedness against various complex risks, including pandemics, cyber-attacks, climate change, and geopolitical instability.

The plan revolves around three main objectives: firstly, to continuously assess risks and resilience through improved data-sharing and science-based analysis; secondly, to promote whole-of-society engagement by providing communities, businesses, and critical infrastructure with enhanced tools and training; and thirdly, to fortify public sector systems through clearer roles, stronger local leadership, and independent oversight.

The plan mentions a commitment to build a new Cyber Resilience Index (CRI) to provide a cross-sector, holistic overview of cyber resilience for UK CNI to target resilience building efforts, as well as the Home Office’s work to progress their ransomware proposals and the upcoming Cyber Security and Resilience Bill (no specific date given). 

If you would like to get involved in our work or have questions, please contact us at secretariat@cb-network.org.

Insights

CBN Supports New Roadmap for UK Cyber Workforce Development

A new whitepaper from the East Midlands Cyber Security Cluster, supported by the All-Party Parliamentary Group (APPG) for Cyber Innovation, sets out a roadmap to address the UK’s ongoing cyber workforce challenges. The Cybersecurity Business Network (CBN), as Secretariat to the APPG, supported the drafting and publication of this report, including the foreword and recommendations to Government.

Authored by Dr Ismini Vasileiou , the report explains the need for a UK-wide cyber skills taxonomy. It highlights that the current landscape is fragmented, with too many frameworks, inconsistent job descriptions, and a persistent gap between what education provides and what industry needs.The report explains the need for a UK-wide cyber skills taxonomy. It highlights that the current landscape is fragmented, with too many frameworks, inconsistent job descriptions, and a persistent gap between what education provides and what industry needs.

Some of the main recommendations are: a DSIT-led taskforce to create a national taxonomy for cyber skills; a national body to manage this taxonomy; steps to encourage employer adoption of skills-based recruitment; better alignment between education and real-world cyber jobs; and national support for regional cyber skills programmes.

For cyber businesses, this unified approach would make hiring and developing talent clearer and more consistent. It would also help inform training and qualifications, improve diversity in the sector, and ensure the workforce can keep pace with new threats, especially as technology changes.

CBN looks forward to working further with the East Midlands Cluster and the APPG for Cyber Innovation to take this work forward in the autumn. We encourage our members to get involved with this effort as we look to help shape the future of the UK cyber workforce.

Policy and Political

Update on M&S and Co-Op cyber attacks 

The House of Commons Committee on Business and Trade’s Sub-Committee on Economic Security, Arms and Export Controls heard a series of evidence sessions, which looked at the UK’s wider economic security, with particular lines of questioning revolving around the recent attacks. 

In the first session, representatives from the Blavatnik School of Government highlighted that evolving cyber threats now include the risk of large-scale disruption to critical services. NCC Group emphasised the increasing risk from the convergence of state and criminal cyber actors and underlined the value of strong public-private partnerships, and RUSI suggested that mandatory cyber incident reporting and improvements in cyber insurance would strengthen national cyber resilience.

The second session, with senior representatives from the NCA, City of London Police, and the NCSC, focused on the UK’s ability to respond to growing cyber threats and the challenges faced by both public and private sectors. Representatives also underlined the increasing complexity and scale of cyber threats, and stressed the need for improved basic cyber hygiene, collaborative incident response, and stronger international cooperation to keep pace with a rapidly evolving threat landscape.

Finally, in response to the recent cyber attacks faced by their companies, the representatives from Marks & Spencers (M&S) emphasised the importance of a rapid counter-response, board-level focus and improved Government coordination, as well as investment in IT and cybersecurity modernisation.Representatives from Co-Op also argued that layered cyber defences, crisis planning and industry-wide collaboration on cyber resilience were valuable assets to limit the impact of cyber attacks and prevent ransomware deployment.

Government ministers responded to the committee inquiry largely in agreement, with a strong consensus that coordinated action across departments, robust risk assessment, and close collaboration with business, especially in supporting SMEs and critical sectors was necessary whilst acknowledging that public-private partnership and whole-of-society engagement must evolve to meet rapidly changing threats.

The NCA said two 19-year-old men, a 17-year-old boy and a 20-year-old woman had been apprehended in connection with the attacks, on suspicion of breaching the Computer Misuse Act, blackmail, money laundering and joining the activities of organised crime. 

Defence Committee publish report on “grey zone” threats 

The Defence Committee has published its latest report, “Defence in the Grey Zone”, which examines how the UK is dealing with threats that fall below the level of armed conflict. These threats include sabotage, espionage, cyber-attacks and disinformation.

The report highlights a sharp rise in cyber-attacks targeting the UK, particularly from hostile states such as Russia. The Ministry of Defence (MOD) and the National Cyber Security Centre (NCSC) have seen significant increases in the number and sophistication of attacks.

A key concern is the vulnerability of critical national infrastructure (CNI), such as undersea data cables and energy pipelines. The report notes that disruption to these systems could have a major impact on the UK’s economy and society.

The Committee found that many cyber threats exploit the weakest links in the digital supply chain. This includes public and private organisations that support defence, such as contractors and service providers; a recent example is a breach involving armed forces payroll data held by a contractor. The report also stressed  the need for a “whole of society” approach to resilience. It encourages the MOD to work with other Government departments, alongside industry, education institutions and communities to raise awareness of cyber threats and improve preparedness.

Key recommendations

CBN members who  would like to discuss the findings further are encouraged to contact secretariat@cb-network.org.

NCSC updates

Parliamentary questions

This month, members raised questions around data breaches of legal aid providers, civil contingency planning around CNI cyber attacks in Northern Ireland, maintaining common cyber standards with international partners. Members of the House of Lords raised questions on state-backed cyber attacks, the vulnerability of Government digital systems against cyber, and a question on the Afghanistan data loss incident.

Business & Industry

BBC Panorama report highlights the rising threat of ransomware attacks 

A recent BBC Panorama documentary explores how ransomware attacks continue to pose a significant threat to UK businesses, with incidents leading to severe operational disruption and, in some cases, business closure. 

The NCSC and NCA report a rising frequency and sophistication of such attacks, driven by both organised crime and individuals employing social engineering techniques. The current absence of mandatory reporting means the real extent of the issue may be underrepresented, and officials emphasise the growing national security risk posed by ransomware, noting the need for improved baseline cyber hygiene, organisational resilience, and consideration of further regulatory measures.

Cybersecurity professionals under increasing pressure from complex risks

A recent Bitsight report finds that UK cybersecurity leaders are under increasing pressure from complex risks, higher board expectations, and new compliance demands. While UK organisations are more likely than their global peers to monitor third-party cyber risks, few are able to turn this data into practical intelligence that informs decision-making or board discussions. 

Only a minority of firms have mature, well-aligned cyber risk management programmes, and compliance remains a low priority even as new rules come into force. Burnout amongst UK cybersecurity professionals remains high, with 59% of professionals reporting stress or exhaustion, and more than half of firms struggle to communicate cyber risks in terms the board understands. The report highlights a growing gap between monitoring activity and the ability to use that information to strengthen resilience and meet business goals.

Greater appetite amongst reinsurers to explore cyber-based diversification strategies 

Despite a recent series of international cyber-attacks targeting retail, the European cyber insurance market has maintained lower premiums, broad availability of cover, and more favourable terms for buyers. According to industry commentary, these incidents have not resulted in claim volumes or losses large enough to prompt a shift towards a harder market, and a significant systemic event would be needed to change current market conditions.

Softer market conditions in both primary insurance and reinsurance are prompting more reinsurers in 2025 to explore diversification strategies, with a particular focus on emerging risks such as cyber. The cyber insurance market is being identified as a key growth area as traditional lines see supply beginning to outpace demand. The evolving nature of cyber risk, limited historical loss data, and ongoing uncertainty over risk accumulation present a complex landscape for reinsurers. 

Events

Invitation: West Yorkshire ICB Distinguished Lecture Series

CBN members are invited to take part in the new West Yorkshire Integrated Care Board Distinguished Lecture Series. 

This programme, delivered in partnership with the West Yorkshire Innovation Hub, will run over the next year and feature expert speakers from the UK and abroad. Topics will include digital health, data-driven innovation, and technology in care.

Why attend?

Who can join?
The series is open to all staff across West Yorkshire’s health and care system, including digital and non-digital professionals, provider organisations, the VCSE sector, social care staff, and universities.

Register for the first session:
Click here to book your place

Feel free to share this invitation with colleagues. We hope you can join and benefit from these insightful events.

Invitation: Parliament & Cyber Conference 2025 – Sponsorship and Registration Now Open

CBN is hosting the inaugural Parliament & Cyber Conference on 24th November 2025 in the Houses of Parliament, Westminster. 

This event will bring together senior executives, parliamentarians, policymakers, and sector leaders to collaborate on the future of cyber resilience, innovation, and growth in the UK.

Why Attend?

Sponsorship Opportunities
Sponsoring the Parliament & Cyber Conference places your organisation at the centre of vital cyber policy conversations. Sponsors benefit from:

Registration – priority for full members
Due to limited capacity, registration is open to all but will prioritise full CBN members and event sponsors. To secure your place, please register your interest using the link provided. Multiple attendees from your organisation may be registered, but all emails are required.

Non-members and associate members are welcome to register but will be placed on a waiting list. To ensure your spot, consider upgrading to full membership or becoming an event sponsor.

Register your interest now to take part in the UK’s premier cyber security conference and help shape the future of national resilience.

For registration and sponsorship enquiries, please contact: Krystian@cb-network.org

About CBN

The Cybersecurity Business Network is a coalition of leading UK-based organisations committed to strengthening the nation’s cyber resilience, fostering innovation and supporting economic growth. Through collaboration and knowledge sharing, we empower our members to drive growth and set standards for excellence across the UK cyber sector.

As a member-led network, our ambition is to serve as the unified voice of the UK cyber industry, championing its interests, amplifying its potential, advocating for greater engagement and support from government, media, and the wider business community.

Membership to CBN is free for all cybersecurity organisations. If you are interested to hear more about CBN or want to become a member, then please reach out to secretariat@cb-network.org for more info.

CBN Newsletter | July 2025

Our monthly update to bring you the relevant, high-level policy and business news from across the cyber sector. 

This month, we take a look at the Government’s new Industrial Strategy, Cyber Growth Action Plan, and a raft of other public and private sector announcements.

If you have any questions about the content, or believe we should add to our coverage, please do not hesitate to get in touch. 

never miss a thing

Sign Up to Hear about News and events

Sign up

Headlines

Government published Modern Industrial Strategy 

Last month, the Department for Business and Trade (DBT) unveiled its long-awaited Modern Industrial Strategy, a ten-year long plan to increase economic growth and foreign direct investment in the UK, which focuses on eight growth-driving sectors.. 

The strategy has a strong focus on cybersecurity, with Chapter 3.3 of the Digital and Technology Plan dedicated solely to cyber. Viewed as a driver of growth and security, the plan states that the Government will aim to attract investors and support innovation across cyber skills, R&D, infrastructure, regulation and international partnerships; this is also supported by the billions in extra funding awarded to the Department for Science, Innovation and Technology (DSIT) in the recent Spending Review. 

Key commitments include:

Separately, the  Government has also recently published the 10-Year Infrastructure Strategy, which pledged at least £725 billion in public funding over the next decade to update the UK’s economic and social infrastructure. 

Further, they also released the National Security Strategy (NSS); in recognising our reliance on digital infrastructure could increase vulnerabilities to cyber attacks, the strategy outlined the Government’s commitments to improving national security – most notably, it announced that a dedicated National Cyber Strategy will be published later this year to outline the Government’s approach to cybersecurity resilience, alongside a further Resilience Strategy targeting a broader range of risks and the upcoming Cyber Security and Resilience Bill, expected later this year. 

If you have any questions regarding the Government’s work in this area, please contact us at secretariat@cb-network.org. 

Cyber Growth Action Plan 2025

The government published the terms of reference for a new Cyber Growth Plan, which will identify possibilities for growth in the UK’s cyber sector. Led by Bristol University and Imperial College London, the recommendations are expected to be published “later this summer”. 

Specifically, the review will cover the supply and demand of cyber goods and services, such as protective monitoring and encryption, identifying potential areas to capitalise on as well as explore the possibilities associated with AI and quantum. The Plan will feed into the forthcoming National Cyber Strategy.


 

Insights

Why Cybersecurity Needs Storytellers

How comms can combat misinformation and build trust

Liva Emmatty, our Communications Lead here at CBN, writes about how cybersecurity is as much about people and trust as it is about technology. With social media now the main news source for over half the global population, the spread of misinformation can leave organisations exposed to confusion and reputational harm.

Communications professionals in cybersecurity have a crucial role in busting common myths, simplifying technical concepts through relatable storytelling, and engaging with policymakers to ensure cyber policy reflects real-world challenges, and can help organisations prepare for crises by monitoring misinformation and responding quickly and clearly.

Interested in learning more about how you can benefit from communications support? Reach out to the CBN secretariat at secretariat@cb-network.org

News Updates

Political and policy updates

UK and Canada commit to cybersecurity cooperation

The UK and Canada have agreed to increase collaboration on cybersecurity as part of their broader partnership. This includes joint efforts to counter malicious cyber activity, information manipulation, and digital transnational repression. 

The countries are launching the Joint Canada-UK Common Good Cyber Fund, with $5.7 million (£ ) in initial funding, to support civil society organizations at high risk from digital threats. Both countries will also work together to develop secure communications products, advance cryptography, and start new research partnerships to address gaps in AI security and improve AI models for national security purposes.

Ministerial comment on cyber and undersea cable threats

The Parliamentary Under-Secretary of State for Defence, Luke Pollard, said during a National Security Strategy Committee inquiry session that the Submarine Telegraph Act 1885, which imposes fines of up to £1,000 for cable sabotage, is somewhat “out of step” with modern-day risk, and the government may look to update the legislation in coming years. 

Telecommunications Minister Chris Bryant explained that while current laws are functional for peacetime, there is a gap in how the UK addresses “grey zone threats”. He explained that the government is looking at creating a defence readiness bill in future, as noted in the recent Strategic Defence Review. 

Threats to undersea cables pose a significant risk to the UK cyber industry by jeopardising the secure and reliable flow of data that underpins its operations and services. This session was part of a larger inquiry into the security of the UK’s undersea cables, which is set to be published later this year. 

Parliamentary report on Iranian cyber threats

report from Parliament’s Joint Intelligence and Security Committee has warned that Iran poses a significant and persistent cyber threat to the UK, on a par with those from Russia and China. 

The report, which is based on classified intelligence and expert interviews, highlighted the damage caused by Iranian cyber attacks targeting UK companies, as well as ongoing efforts by the Islamic Revolutionary Guard Corps (IRGC) to conduct hostile operations within the UK. It also outlines the various measures the UK has taken to respond, including “offensive cyber” and to address “cyber espionage”. 

Parliamentary questions

This month, members raised questions around ensuring the resilience of 6G infrastructure against cyber threats, the investigation into recent cyber attacks on Marks and Spencers and the support of high street retailers (also here) against these attacks. A member also asked about the safeguarding of air traffic control from cyber threats. Finally a member from the House of Lords raised a question on public cybersecurity vacancies and contracting. 

NCSC updates

Business Updates

Cyber security investment drives growth but threat landscape intensifies

UK businesses are generating an estimated £27bn in additional annual revenue from investing in cyber security, according to research by ESET, a global cyber security provider. The data shows that 53% of UK firms report increased turnover linked to cyber investment, with 70% of those attributing growth to winning new business due to strong cyber credentials. 

44% of firms reported that robust cyber security has enabled them to take more risks, such as entering new markets or adopting new technologies. However, the retail and public sectors remain frequent targets. ESET also found that 53% of UK firms have suffered at least one cyber attack, and that cyber crime has cost UK businesses £63bn in the past three years. 

It was further reported that 77% of firms plan to increase their cyber security budgets as they increasingly see digital resilience as a commercial asset rather than just risk mitigation. Despite this, only 12% fully outsource their cyber operations, and 69% have experienced ransomware breaches.

Four arrested over cyber-attacks on M&S, Co-op and Harrods

The National Crime Agency (NCA) said two 19-year-old men, a 17-year-old boy and a 20-year-old woman had been apprehended on suspicion of breaching the Computer Misuse Act, blackmail, money laundering and joining the activities of organised crime.

About CBN

The Cybersecurity Business Network is a coalition of leading UK-based organisations committed to strengthening the nation’s cyber resilience, fostering innovation and supporting economic growth. Through collaboration and knowledge sharing, we empower our members to drive growth and set standards for excellence across the UK cyber sector.

As a member-led network, our ambition is to serve as the unified voice of the UK cyber industry, championing its interests, amplifying its potential, advocating for greater engagement and support from government, media, and the wider business community.

Membership to CBN is free for all cybersecurity organisations. If you are interested to hear more about CBN or want to become a member, then please reach out to secretariat@cb-network.org for more info.

Founded by Clarity

Global digital marketing and communications agency, providing fearless marketing and consultancy to the world’s most progressive companies.

We match data-driven science with human ingenuity to expand our full-funnel, specialist services and expertise. Our vision is to accelerate positive change and impact across the world. A firm believer of cybersecurity as an enabler of growth and resilience, we are proud to driving its prosperous impact forward. Get in touch with secretariat@cb-network.org to understand more on how Clarity can enhance reputation, create impact, and drive growth in your organisations.


Former Minister for Digital and Broadband Matt Warman announced as Chair of Cybersecurity Business Network

This appointment signifies ambitious growth, impact and value of the network as it seeks to create a platform for collaboration across UK cyber

This appointment signifies ambitious growth, impact and value of the network as it seeks to create a platform for collaboration across UK cyber

The Cybersecurity Business Network (CBN), is delighted to announce the appointment of former UK Minister for Digital and Broadband, Matt Warman, as Chair of the CBN. Matt’s appointment comes at a critical time for the UK’s cybersecurity sector, as recent high-profile cyberattacks across sectors have underscored the urgent need for enhanced industry collaboration, resilience and the right regulatory approach.

As Chair, Matt will spearhead the continued growth of the network, engaging various stakeholders from the private and public sectors, and championing the UK cyber sector as CBN aims to become a single unifying voice for UK based cyber organisations.

I am delighted to be joining the Cybersecurity Business Network as Chair. The UK’s dynamic and innovative cybersecurity industry is in need of a strong voice as it becomes an increasingly important sector both for economic growth and strengthening resilience…

As we have seen in recent months, malicious cyber attacks and geopolitical threats have presented UK businesses and consumers with a clear warning about how destructive cyber attacks can be, and we need to stay ahead of the curve. CBN is leading the industry collaboration by linking government, industry, and the media to strengthen defences and promote growth.

Matt Warman, Chair of CBN and Former Minster for Digital & Broadband

During his tenure as Minister for Digital, Matt developed the Government Cyber Security Strategy alongside the NCSC to improve cyber resilience in the public sector. He stimulated growth of the UK’s cyber sector with a 21% increase in start-up and scale up UK organisations, created an environment that enabled approx £2.6 billion of public and private investment to strengthen resilience and lay the foundation for the UK to become a leading global cyber innovator. Prior to government, Matt was a renowned technology journalist and worked as the Technology Editor for the Daily Telegraph.

Since the start of 2025, CBN has grown its presence in the UK cybersecurity landscape by expanding its membership and strengthening its partnerships. A key milestone was helping to establish the All Party Parliamentary Group (APPG) for Cyber Innovation (CBN runs the Secretariat) alongside parliamentarians, including Dan Aldridge MP, which has enabled a forum for MPs to connect with industry on cybersecurity’s most critical challenges. This announcement comes on the back of the latest report by the APPG for Cyber Innovation which explored and provided feedback on the development of the UK’s first ever dedicated Cyber Security and Resilience (CSR) Bill expected later this year.

“We’re very pleased to welcome Matt as our new Chair. His leadership comes at a crucial time for our organisation as we continue to grow and work to ensure the cybersecurity sector is properly represented. The recent high-profile cyber-attacks are a stark reminder of the need for a strong and unified cybersecurity industry – not only for protecting people and businesses, but also for supporting the UK’s economy and overall resilience. With Matt at the helm, we’re looking forward to championing the sector’s value, driving innovation, and helping to secure both economic growth and public confidence.

Nick Lansman, Founder of CBN

In addition to acting as a spokesman for CBN, he will also play a central role at the network’s events, chairing and supporting members as CBN looks to bring together industry, politics and media to drive collaborative and productive outcomes.

“As Chair, I will look to build on the initial success of the network, helping its growth, unifying our member community and championing our cyber security sector, enabling greater growth and public confidence. As part of this, I am most looking forward to hosting our inaugural Parliament & Cyber Conference in November, which will be a landmark event for the sector and Government as we collaborate on the path to growth and resilience.”

Matt Warman, Chair of CBN

Discover new opportunities by becoming a member of CBN today!

Through proactive engagement, deep collaboration, and expert consultation, we convene leaders from across the cybersecurity industry.

Join us

Media contacts:

For any media queries, please contact secretariat@cb-network.org

APPG for Cyber Innovation publishes feedback on the CSR Bill

The Cyber Innovation APPG publishes feedback on the upcoming Cyber Security & Resilience Bill. In this document, the All-Party Group provides an initial view on the upcoming Cyber Security and Resilience (CSR) Bill. It has been informed through a survey with 89 respondents from across the cyber sector and beyond, as well as input from a parliamentary roundtable discussion held under the Chatham House rule that brought together 17 representatives from Managed Service Providers (MSPs), cyber companies, academics and other organisations. 

This document is aimed at supporting the development of the CSR Bill, and the Cyber Innovation APPG would be happy to facilitate further engagement between the Department for Science, Innovation and Technology (DSIT), Parliament, and the wider sector. The Bill provides a unique opportunity to improve cyber security and resilience in the UK.

The report collated the feedback from the APPG’s initial call for input and made clear some clear asks – notably the need for the Bill to widen its scope. As the first Act of Parliament to include “cyber” in the title, representing a fundamental step forward in how the UK approaches digital security. However, there is concern that this historic opportunity is too narrowly focused on compliance and prevention and not sufficiently ambitious in tackling some of the wider challenges that the UK faces.

This bill is a historic opportunity to strengthen the UK’s cyber resilience, but we risk falling short if we don’t listen to those on the frontline.

“We’re calling on DSIT to open up the conversation, coordinate across government, to provide a timeline and process for tackling the urgent issues that are deemed out of scope. By future-proofing regulations and giving parliament a clear role in oversight, we can make sure the UK remains secure and competitive in a rapidly changing digital world.”

Dan Aldridge MP, Chair of the APPG for Cyber Innovation
READ THE FULL REPORT HERE

Become a Full Member of the Cybersecurity Business Network

Connect. Collaborate. Shape the Future of Cybersecurity in the UK.

We’re excited to share that CBN’s refreshed Membership Programme is now live – and we’ve already welcomed several new companies into the network.

Our Full Membership offer is open to all UK-based organisations with a vested interest in cybersecurity and provides access to a growing community of like-minded businesses working to promote innovation, share insights, and shape the future of cyber in the UK.

For all those that have previously signed up to our network, we would ask you to fill out the registration form on our website via the link below to remain as full members of the association.

Full Membership
Fee: £750 + VAT per annum

Membership includes:


We’re looking forward to bringing more organisations into the community and continuing to support the growth of the UK’s cyber ecosystem.

For any queries, please contact: secretariat@cb-network.org

Policymakers join forces through an All-Party Parliamentary Group to propel the UK’s Cyber innovation

Aims to bridge the gap between policymakers and industry, stimulate collaboration across sectors

The Cybersecurity Business Network (CBN), a UK coalition of cybersecurity organisations looking to support and promote the cyber sector, announces its role as the Secretariat for the newly launched Cyber Innovation All-Party Parliamentary Group (APPG). The APPG will aim to break down complex cyber issues for policymakers, bringing together parliamentarians, industry leaders, academia and civil society to spark fresh ideas and drive innovation. 

The APPG is chaired by Dan Aldridge MP, with officers from all three major political parties: Liberal Democrat MP Max Wilkinson, Labour MP Sarah Edwards, and Conservative MP John Glen. Aldridge said, “The UK’s global cyber leadership position needs Parliamentarians to intentionally and meaningfully take an interest in its future, and we will do just that. This will be a different type of APPG – we will engage with the UK’s highly innovative cyber sector and look at how we as a Parliamentary community can support and grow the cyber ecosystem in the national interest.”

As the Secretariat, CBN will support the Group through an active events programme, and provide insights for Parliamentary members in order to foster a productive dialogue with industry and third-sector stakeholders around topics such as supporting the UK cyber ecosystem to grow, and ensuring Parliament and experts work together to make upcoming cyber legislation fit for an increasingly digital world.

Andrew Kernahan, Strategic Advisor at CBN said, “We are excited to serve as the Secretariat for the Cyber Innovation APPG, which will play a vital role in bringing together diverse perspectives from across the cyber ecosystem with Parliamentarians and policymakers. We believe the APPG will champion the UK’s thriving cyber ecosystem and its critical role in enabling modern society and driving economic growth.”

About Cybersecurity Business Network

Rebranded in 2024, Cybersecurity Business Network  aims to bridge the gap between government initiatives and private sector innovation. CBN provides a collective voice for our members, enabling them to engage with key stakeholders, shape national government policy, network with peers across the sector and cultivate new trade opportunities. Its  members represent a diverse range of companies which are invested in improving resilience, innovation and enabling economic growth. 

For more information, please visit our website – https://cb-network.org/

For more information on the Cyber Innovation APPG, please visit the website – https://cb-network.org/appg-for-cyber-innovation/

Media contact

For any media queries, please contact secretariat@cb-network.org

CBN Newsletter | January 2025

Our monthly update to bring you the relevant, high-level policy and business news from across the cyber sector. 

This month, we provide an update on two significant announcements from the UK government, an insights piece from out CBN comms lead, and our usual policy and business news. 

If you have any questions about the content, or believe we should add to our coverage, please do not hesitate to get in touch. 

never miss a thing

Sign Up to Hear about News and events

Sign up

Headline News

Global Cybersecurity Outlook 2025
The World Economic Forum (WEF) has published its annual Global Cybersecurity Outlook report, which highlights the complexity of the cybersecurity landscape – intensified by geopolitical tensions and emerging technologies, interdependencies and cybercrime sophistication, governments, organisations and individuals are being challenged to adapt and innovate in order to ensure our continued security. 

Please see below for a longer analysis. 

Risk facing UK “widely underestimated”
The National Cyber Security Centre (NCSC) published its Annual Review 2024, drawing out key aspects and learnings from the agency’s work over the past year across four chapters – cyber threats; cyber resilience; the cyber market ecosystem; and future cyber technologies. 

Notably, it highlights geopolitics and the continuing cyber threat of nation-state actors – particularly China and Russia – against the UK’s critical national infrastructure (CNI), a point which was emphasised further by CEO Richard Horne in his first major speech. 

Launching the Review, Horne cautioned that cyber risks facing the nation from nation state actors are “widely underestimated”, and the UK is engaged in a “contest for cyberspace” with those seeking to use our “technology dependence” to disrupt daily life. The report indicated that there has been a sizable increase in the number of incidents handled by the organisation in the 12 months up to August 2024, with ransomware being the most pervasive threat.

UK: AI Opportunities Action Plan
The UK Government has published its “AI Opportunities Action Plan”, which lays out how it intends to employ artificial intelligence (AI) to boost economic growth and deliver more efficient public services, and is described as a “cornerstone” of the Government’s Plan for Change. 

Identifying three overarching goals, the Plan is broken down into 50 recommendations which give further detail and approximate timelines for when each will be implemented. Overall, the Plan takes a bold approach to AI, with the “safety” and “guardrails” approach from previous Prime Minister Sunak seemingly left behind. Interestingly, cyber (security) does not feature heavily, instead only mentioned briefly in terms of increasing talent and skills, as well the potential for regulation to actually drive innovation, rather than hinder it. 

If you have any questions about what these updates mean for the cyber sector or your business, or would like to engage with the Industrial Strategy consultation, please get in contact with us at secretariat@cb-network.org.

Enhancing communication between security and business leaders 

Written by Marco Bresciani, Cyber Risk Enthusiast and CBN Board Member

How can cybersecurity professionals bridge the gap between technical risks and business priorities? 

Communicating cybersecurity risks effectively to executives requires more than just technical knowledge – it needs data-driven, actionable insights.

Cyber risk quantification (CRQ) bridges this gap by offering an objective way to assess and communicate cyber exposure, enabling better decision-making and risk prioritisation. Frameworks like Open FAIR framework provide structured approaches, but challenges such as complexity, manual processes and static data have hindered adoption.

Early adopters show that success comes from aligning CRQ with business needs, leveraging available data and automating processes for efficiency. CRQ is now maturing into a vital tool for informed cybersecurity investment and risk management, proving that innovation thrives where determination exists. 

Read the full article from CBN Board Member Marco Bresciani, who delves into the evolving role of CRQ and its potential to revolutionise cybersecurity communication.

Image credit: Thinkstock

News Updates

Political and policy updates

CMA reform gains traction in the House of Lords
Lord Holmes of Richmond, supported by Lord Clement-Jones, tabled an amendment relating to the Computer Misuse Act (CMA) during the Lords Committee stage (day 4) debate of the Data (Use and Access) Bill. 

The amendment would have afforded a legal defence for legitimate cybersecurity activities, serving to provide stronger legal protections for cybersecurity researchers and professionals engaged in threat intelligence research, updating in provisions made in 1990 by the CMA. As noted by Lord Arbuthnot of Edrom, these amendments come in the context of the long-standing CyberUp campaign. The Lords urged the Government that the update is necessary for the UK to avoid falling further behind advancements in emerging technology, such as AI.

The Minister, Baroness Jones of Whitchurch, acknowledged the importance of having the correct legal framework to protect legitimate cybersecurity activities, and that the Government is committed to ensuring the CMA is updated, with the issue being investigated by the Home Office, as well as the NCSC and law enforcement agencies. 

The amendments were withdrawn. 

Regional skills projects to bolster UK cyber defences
The Government has announced £1.9m new private and government funding for 30 projects, delivered by local organisations, which will be targeted at boosting the UK’s cyber resilience by plugging skills gaps. 

First announced at a global cyber security meeting convened by the UK in September, these projects – delivered by organisations such as universities, local community groups and businesses – will tap into local “know-how” and partnerships to support initiatives which meet the needs of individual areas. The projects include programmes to upskill workers and improve diversity in the talent pipeline, ultimately serving to bolster the cyber workforce, drive growth, and improve economic and cyber security. 

Reaction system activated to track undersea infrastructure threats
Following reported damage to an undersea cable in the Baltic Sea, the UK and allies have launched a new UK-led reaction system to track potential threats to undersea infrastructure and monitor the Russian shadow fleet via the Joint Expeditionary Force (JEF). 

Second UK-EU Cyber Dialogue takes place in London
The second Cyber Dialogue between the EU and UK took place in London in December, during which representatives discussed respective approaches to cyber resilience; deterrence strategies; countering cybercrime; the Pall Mall Process; cyber skills; and cyber capacity building. 

The next dialogue will take place in Brussels in 2025. 

UK and Norway join forces to counter eavesdropping
The UK and Norwegian governments announced an agreement to collaborate more closely on research and development of technical security, to detect and expose eavesdropping devices. 

Under this agreement, the two nations aim to bolster their collective resilience against threats from hostile states. 

NCSC updates

Business and industry

Global Cybersecurity Outlook 2025
The World Economic Forum (WEF) has published its annual Global Cybersecurity Outlook report, which highlights the complexity of the cybersecurity landscape – intensified by geopolitical tensions and emerging technologies, interdependencies and cybercrime sophistication, governments, organisations and individuals are being challenged to adapt and innovate in order to ensure our continued security. 

Notably, the report marks a stark disparity between large and small organisations in terms of security capabilities – a trend which is reflected between the global north against the global south, and private versus public sector. 

Looking ahead to 2025, the report predicts that the world is entering an “unprecedented” era of complexity – with both national and international companies facing overlapping, increasing regulatory requirements  and greater dependence upon potentially insecure supply chains. 

It presents an “AI-cyber paradox”, threat actors employ new technologies to widen the threat to potentially disrupt human safety, as cyber defenders race to employ the same technologies to strengthen barriers against such attacks. Future technologies such as quantum computing offer “unprecedented” opportunities to accelerate security – and risk.  

The report concludes by highlighting that it is crucial for leaders to understand the cumulative impacts of this complexity on both organisational and national cybersecurity – and that the financial implications of a lack of cybersecurity measures should far outweigh the cost of implementing the measures. 

Cyber in the headlines: state-affiliated threats dominate landscape
Against the backdrop of rising geopolitical tensions, reports highlighting the ever-increasing rate of cyberattacks – particularly from state-affiliated groups – have dominated sector headlines. 

report from Cyfirma focused on the sharp increase in frequency and severity of attacks from Russian-affiliated groups such as Sandworm and APT29 over the course of 2024, targeting key areas in the UK and NATO allies such as critical infrastructure, governmental and defence organisations, and supply chains. 

At the same time, reports that Chinese state-affiliated Salt Typhoon hacker group carried out a series of high-profile attacks against US-based telecommunications companies has highlighted the possibility of similar attacks against UK equivalents. 

The NCC Group’s analysis of cyber threats in the UK highlighted a rise in ransomware attacks which featured a “blurring of lines between criminal and state-sponsored activity”, making way for more “sophisticated” attacks from a range of actors. Over three-quarters of attacks affected organisations in Europe and North America, particularly against “industrials” sectors, with Akira acting as the most active threat and new ransomware strain Ymir emerging as a dominant player. 

News of rising threats – or indeed from state-affiliated actors – may be nothing new, but recent reports taken together have indicated a refreshed awareness which we can expect to continue throughout this year; this is reflected by the NCSC’s Annual Review, and by the WEF’s Cybersecurity Outlook. 

Industry Event |GovTech Show and Exhibition 2025: Public Sector Innovation and Transformation

The Royal Society of Medicine, London
19th March 2025, 9am – 5pm

CBN is delighted to offer our members an exclusive opportunity to join the Institute of Government & Public Policy for their upcoming GovTech and Exhibitor 2025 event. 

In collaboration with Socitm, the Society for Innovation, Technology and Modernisation, the event will to reimagine how the public sector operates and serves citizens. It will tackle the barriers and challenges of transforming public services to meet demand head-on, and attendees will walk away with actionable insights on harnessing efficient, secure, and sustainable technology to deliver cost-effective, citizen-centric services.

Join IGPP in central London for an immersive journey where public sector professionals, policymakers, and the brightest minds in industry converge to explore the technological possibilities shaping the future of the UK public sector.

CBN is able to offer 20 exclusive free places to our members. If you are interested, register your place with sign up code: CLARITY100. 

Register for the IGPP event

About CBN

Our new mission is to bring together cybersecurity companies to network, learn and debate across three key pillars — trade and export, policy, and market insights. Our members will be enabled to promote their cybersecurity expertise and capabilities, strategically engage with key stakeholders and develop lasting relationships in key verticals, in a wider effort to influence government policy and promote innovation in the sector. 

The strategic direction of CBN is shaped by our Membership who benefit from increased brand exposure and engagement opportunities with key stakeholders in the cyber space, other key sector verticals, media, government and regulators.

Membership to CBN is free for all cybersecurity organisations. If you are interested to hear more about CBN or want to become a member, then please reach out to secretariat@cb-network.org for more info.

Founded by Clarity

Global digital marketing and communications agency, providing fearless marketing and consultancy to the world’s most progressive companies.

We match data-driven science with human ingenuity to expand our full-funnel, specialist services and expertise. Our vision is to accelerate positive change and impact across the world. A firm believer of cybersecurity as an enabler of growth and resilience, we are proud to driving its prosperous impact forward. Get in touch with secretariat@cb-network.org to understand more on how Clarity can enhance reputation, create impact, and drive growth in your organisations.