Our monthly update to bring you the relevant, high-level policy and business news from across the cyber sector.
This month, we provide an update on two significant announcements from the UK government, an insights piece from our CBN comms lead, and our usual policy and business news.
If you have any questions about the content, or believe we should add to our coverage, please do not hesitate to get in touch.
Headline News
Global Cybersecurity Outlook 2025
The World Economic Forum (WEF) has published its annual Global Cybersecurity Outlook report, which highlights the complexity of the cybersecurity landscape, intensified by geopolitical tensions and emerging technologies, interdependencies and cybercrime sophistication. Governments, organisations and individuals are being challenged to adapt and innovate in order to ensure our continued security.
Please see below for a longer analysis.
Risk facing UK “widely underestimated”
The National Cyber Security Centre (NCSC) published its Annual Review 2024, drawing out key aspects and learnings from the agency’s work over the past year across four chapters – cyber threats; cyber resilience; the cyber market ecosystem; and future cyber technologies.
Notably, it highlights geopolitics and the continuing cyber threat of nation-state actors – particularly China and Russia – against the UK’s critical national infrastructure (CNI), a point which was emphasised further by CEO Richard Horne in his first major speech.
Launching the Review, Horne cautioned that cyber risks facing the nation from nation state actors are “widely underestimated”, and the UK is engaged in a “contest for cyberspace” with those seeking to use our “technology dependence” to disrupt daily life. The report indicated that there has been a sizable increase in the number of incidents handled by the organisation in the 12 months up to August 2024, with ransomware being the most pervasive threat.
UK: AI Opportunities Action Plan
The UK Government has published its “AI Opportunities Action Plan”, which lays out how it intends to employ artificial intelligence (AI) to boost economic growth and deliver more efficient public services, and is described as a “cornerstone” of the Government’s Plan for Change.
Identifying three overarching goals, the Plan is broken down into 50 recommendations which give further detail and approximate timelines for when each will be implemented. Overall, the Plan takes a bold approach to AI, with the “safety” and “guardrails” approach from previous Prime Minister Sunak seemingly left behind. Interestingly, cyber (security) does not feature heavily, instead only mentioned briefly in terms of increasing talent and skills, as well as the potential for regulation to actually drive innovation, rather than hinder it.
If you have any questions about what these updates mean for the cyber sector or your business, or would like to engage with the Industrial Strategy consultation, please get in contact with us at secretariat@cb-network.org.
Enhancing communication between security and business leaders
Written by Marco Bresciani, Cyber Risk Enthusiast and CBN Board Member
How can cybersecurity professionals bridge the gap between technical risks and business priorities?
Communicating cybersecurity risks effectively to executives requires more than just technical knowledge – it needs data-driven, actionable insights.
Cyber risk quantification (CRQ) bridges this gap by offering an objective way to assess and communicate cyber exposure, enabling better decision-making and risk prioritisation. Frameworks like Open FAIR provide structured approaches, but challenges such as complexity, manual processes and static data have hindered adoption.
Early adopters show that success comes from aligning CRQ with business needs, leveraging available data and automating processes for efficiency. CRQ is now maturing into a vital tool for informed cybersecurity investment and risk management, proving that innovation thrives where determination exists.
Read the full article from CBN Board Member Marco Bresciani, who delves into the evolving role of CRQ and its potential to revolutionise cybersecurity communication.
News Updates
CMA reform gains traction in the House of Lords
Lord Holmes of Richmond, supported by Lord Clement-Jones, tabled an amendment relating to the Computer Misuse Act (CMA) during the Lords Committee stage (day 4) debate of the Data (Use and Access) Bill.
The amendment would have afforded a legal defence for legitimate cybersecurity activities, serving to provide stronger legal protections for cybersecurity researchers and professionals engaged in threat intelligence research, updating provisions made in 1990 by the CMA. As noted by Lord Arbuthnot of Edrom, these amendments come in the context of the long-standing CyberUp campaign. The Lords urged the Government that the update is necessary for the UK to avoid falling further behind advancements in emerging technology, such as AI.
The Minister, Baroness Jones of Whitchurch, acknowledged the importance of having the correct legal framework to protect legitimate cybersecurity activities, and that the Government is committed to ensuring the CMA is updated, with the issue being investigated by the Home Office, as well as the NCSC and law enforcement agencies.
The amendments were withdrawn.
Regional skills projects to bolster UK cyber defences
The Government has announced £1.9m in new private and government funding for 30 projects, delivered by local organisations, which will be targeted at boosting the UK’s cyber resilience by plugging skills gaps.
First announced at a global cyber security meeting convened by the UK in September, these projects – delivered by organisations such as universities, local community groups and businesses – will tap into local “know-how” and partnerships to support initiatives which meet the needs of individual areas. The projects include programmes to upskill workers and improve diversity in the talent pipeline, ultimately serving to bolster the cyber workforce, drive growth, and improve economic and cyber security.
Reaction system activated to track undersea infrastructure threats
Following reported damage to an undersea cable in the Baltic Sea, the UK and allies have launched a new UK-led reaction system to track potential threats to undersea infrastructure and monitor the Russian shadow fleet via the Joint Expeditionary Force (JEF).
Second UK-EU Cyber Dialogue takes place in London
The second Cyber Dialogue between the EU and UK took place in London in December, during which representatives discussed respective approaches to cyber resilience; deterrence strategies; countering cybercrime; the Pall Mall Process; cyber skills; and cyber capacity building.
The next dialogue will take place in Brussels in 2025.
UK and Norway join forces to counter eavesdropping
The UK and Norwegian governments announced an agreement to collaborate more closely on research and development of technical security, to detect and expose eavesdropping devices.
Under this agreement, the two nations aim to bolster their collective resilience against threats from hostile states.
NCSC updates
Global Cybersecurity Outlook 2025
The World Economic Forum (WEF) has published its annual Global Cybersecurity Outlook report, which highlights the complexity of the cybersecurity landscape, intensified by geopolitical tensions and emerging technologies, interdependencies and cybercrime sophistication. Governments, organisations and individuals are being challenged to adapt and innovate in order to ensure our continued security.
Notably, the report marks a stark disparity between large and small organisations in terms of security capabilities – a trend which is reflected between the global north against the global south, and private versus public sector.
Looking ahead to 2025, the report predicts that the world is entering an “unprecedented” era of complexity – with both national and international companies facing overlapping, increasing regulatory requirements and greater dependence upon potentially insecure supply chains.
It presents an “AI-cyber paradox”: threat actors employ new technologies to widen the threat to potentially disrupt human safety, as cyber defenders race to employ the same technologies to strengthen barriers against such attacks. Future technologies such as quantum computing offer “unprecedented” opportunities to accelerate security – and risk.
The report concludes by highlighting that it is crucial for leaders to understand the cumulative impacts of this complexity on both organisational and national cybersecurity – and that the financial implications of a lack of cybersecurity measures should far outweigh the cost of implementing the measures.
Cyber in the headlines: state-affiliated threats dominate landscape
Against the backdrop of rising geopolitical tensions, reports highlighting the ever-increasing rate of cyberattacks – particularly from state-affiliated groups – have dominated sector headlines.
A report from Cyfirma focused on the sharp increase in frequency and severity of attacks from Russian-affiliated groups such as Sandworm and APT29 over the course of 2024, targeting key areas in the UK and NATO allies such as critical infrastructure, governmental and defence organisations, and supply chains.
At the same time, reports that the Chinese state-affiliated Salt Typhoon hacker group carried out a series of high-profile attacks against US-based telecommunications companies have highlighted the possibility of similar attacks against UK equivalents.
The NCC Group’s analysis of cyber threats in the UK highlighted a rise in ransomware attacks which featured a “blurring of lines between criminal and state-sponsored activity”, making way for more “sophisticated” attacks from a range of actors. Over three-quarters of attacks affected organisations in Europe and North America, particularly against “industrials” sectors, with Akira acting as the most active threat and new ransomware strain Ymir emerging as a dominant player.
News of rising threats – or indeed from state-affiliated actors – may be nothing new, but recent reports taken together have indicated a refreshed awareness which we can expect to continue throughout this year; this is reflected by the NCSC’s Annual Review, and by the WEF’s Cybersecurity Outlook.
Industry Event | GovTech Show and Exhibition 2025: Public Sector Innovation and Transformation
The Royal Society of Medicine, London
19th March 2025, 9am – 5pm
CBN is delighted to offer our members an exclusive opportunity to join the Institute of Government & Public Policy for their upcoming GovTech and Exhibitor 2025 event.
In collaboration with Socitm, the Society for Innovation, Technology and Modernisation, the event will reimagine how the public sector operates and serves citizens. It will tackle the barriers and challenges of transforming public services to meet demand head-on, and attendees will walk away with actionable insights on harnessing efficient, secure, and sustainable technology to deliver cost-effective, citizen-centric services.
Join IGPP in central London for an immersive journey where public sector professionals, policymakers, and the brightest minds in industry converge to explore the technological possibilities shaping the future of the UK public sector.
CBN is able to offer 20 exclusive free places to our members. If you are interested, register your place with sign up code: CLARITY100.
Our new mission is to bring together cybersecurity companies to network, learn and debate across three key pillars — trade and export, policy, and market insights. Our members will be enabled to promote their cybersecurity expertise and capabilities, strategically engage with key stakeholders and develop lasting relationships in key verticals, in a wider effort to influence government policy and promote innovation in the sector.
The strategic direction of CBN is shaped by our Membership who benefit from increased brand exposure and engagement opportunities with key stakeholders in the cyber space, other key sector verticals, media, government and regulators.
Membership to CBN is free for all cybersecurity organisations. If you are interested to hear more about CBN or want to become a member, then please reach out to secretariat@cb-network.org for more info.
Founded by Clarity
Global digital marketing and communications agency, providing fearless marketing and consultancy to the world’s most progressive companies.
We match data-driven science with human ingenuity to expand our full-funnel, specialist services and expertise. Our vision is to accelerate positive change and impact across the world. A firm believer in cybersecurity as an enabler of growth and resilience, we are proud to be driving its prosperous impact forward. Get in touch with secretariat@cb-network.org to understand more on how Clarity can enhance reputation, create impact, and drive growth in your organisations.
Author: Marco Bresciani, Cyber Risk Enthusiast – CBN Board Member
Security leaders experience a continual trade-off between what they want to achieve and the resources that the organisation is willing to give them, be it funding, tools, suppliers, or people. At the same time, their executives need to quantify the financial loss that the organisation will incur if that specific risk happens.
This is not trivial: Gartner at the London 2024 event pointed out the need to “mind the gap” when reporting cybersecurity to management, providing different stakeholders with information they can act upon.
As someone who has worked in the cybersecurity industry since 1996, I have worked with banks and other regulated industries across EMEA, and realised many leaders avoid risk quantification due to misconceptions about data needs and complexity.
In this article I will highlight why cyber risk quantification (CRQ) serves a vital purpose for security leaders, fostering better discussions with executives. I will also explain how organisations can achieve significant improvements in decision-making and risk prioritisation by debunking the myths on data complexity.
CRQ has been the trusted method for actively communicating cyber exposure in an objective, well-grounded, and defensible manner for several years. It can be delivered in different ways. Most CRQ frameworks are based on the Value-at-Risk approach, developed in the Finance industry to measure the potential loss of investment portfolios.
A popular choice is the Open FAIR framework, an international, non-proprietary standard whose open nature and wealth of supporting documents helped increase its adoption by practitioners and consultants.
It’s important to remark that CRQ is not a replacement for a company’s risk management framework. The identification, analysis, evaluation, and treatment of risks are conducted as usual.
CRQ complements the qualitative output of common frameworks like COBIT or risk controls like ISO27000, by providing the “so what”, a means to compare losses deriving from risk scenarios, and the costs/benefits of mitigating actions.
Many organisations have tested CRQ in the past 5-8 years, often obtaining mixed results that made them question if introducing it in their risk management process was worth the effort. However, executives agree that when done right CRQ can foster confidence in security programs, by enabling informed decisions on cyber risk investments.
The initial stage of CRQ adoption highlighted some practical and some inherent problems:
Operationalising CRQ, even with a rigorous, well-structured, well-documented framework like FAIR, can be a real challenge.
How could we keep a CRQ initiative on the right path? The experience of early adopters suggests the following:
After the initial enthusiasm about a fresh new method and the sobering experience of delivering it, CRQ is maturing into a solid foundation to inform executive decisions about cyber risk.
More generally, CRQ is becoming an element of a broader data-driven approach to cyber risk management, where risk exposure is measured in quasi real-time, from within the organisation, across third parties, and from external threats.
Does it look too difficult? Remember that Lloyd’s made the first aviation insurance in 1911, when the “flying machine” industry was just 8 years old. Not much historical data was available to inform the decision, and possibly not many success stories either… Where there’s a will, there’s a way!
UK hosts NATO Cyber Defence Conference
On 25th November, the UK’s Chancellor of the Duchy of Lancaster, Pat McFadden, addressed the second ever NATO Cyber Defence Conference at Lancaster House to highlight the threat of Russian aggression in cyberspace and announce the launch of a new security research lab.
McFadden said NATO members need to work together to strengthen their collective cybersecurity, and must “not underestimate” the threat Moscow – and other adversaries including Iran, North Korea, and China – poses in a “hidden war”, consistently targeting critical national infrastructure. He highlighted that, after 75 years, Western allies “need NATO more than ever”.
Further, the Chancellor, who oversees all national security and resilience for the UK, unveiled a new Laboratory for AI Security Research (LASR), in recognition that AI is “revolutionising” national security. The Lab, which has been set up in partnership between the UK Government, academia and the private sector, will also seek collaboration with allies including NATO and Five Eyes nations to help create better defence tools and organise intelligence.
Separately, NCSC CEO Richard Horne is expected to make his first major speech today (3rd December 2024) since starting the role in October to highlight that hostile activity in UK cyberspace has increased in “frequency, sophistication and intensity” from nation-state actors, including Russia and China, who want to cause maximum disruption. His speech also launches the NCSC’s eighth Annual Review, released today.
Chancellor calls out fraud in Mansion House speech
Rachel Reeves delivered her first Mansion House speech as Chancellor of the Exchequer on 14th November to unveil a strategy for driving economic growth, boosting private investment, and reforming financial services. Overall, her speech was centred on public investment, addressing domestic challenges, and enhancing the UK’s role in finance.
Notably, she also called on technology and telecommunications companies to go further in addressing fraud, alongside law enforcement and coordinated efforts across sectors, ahead of the upcoming fraud strategy expected in spring 2025.
The other frontline: UK Government recognition of cyber threats
Shortly after the Labour party came to power, the new Secretary of State for Science, Innovation and Technology Peter Kyle warned that Britain is “desperately exposed” to cyber threats and pushed for the new Cyber Security and Resilience (CSR) Bill to replace a previously expected AI Bill, in order to prioritise national security amid warnings from the NCSC of rising attacks on critical national infrastructure (CNI) organisations.
Fast forward a few months down the line and NCSC Head Richard Horne has cautioned that cyber risks facing the nation, particularly from nation-state actors including Russia and China, are “widely underestimated”. He went on to say that the UK “must improve” the defence and resilience of CNI, supply chains, the public sector and the wider economy.
Horne’s speech follows the message from Pat McFadden, Chancellor of the Duchy of Lancaster who, last week, highlighted the importance of international cooperation on cybersecurity at the NATO Cyber Defence Conference, and announced the launch of a new Laboratory for AI Security Research (LASR). In his speech, McFadden noted that the war in Ukraine “is also raging on another frontline, in cyberspace.”
Taken alongside the recent designation of data centres as CNI and a potential commitment to reform the Computer Misuse Act (CMA) it would seem that the UK government has a high regard for and strong focus on cyber – however, this recognition is clearly not enough, as recent high-profile attacks on NHS hospitals and Transport for London (TfL) publicly highlight the fragility of our networks, and reports on the vulnerability of SMEs crop up frequently.
As noted by the Times, there is “only so much the government can do”, particularly given the vulnerability of supply chains, yet it still bears the primary responsibility for our national security.
So outside of legislation, what is the role of government in shoring up the defences of UK businesses? How could it better capitalise on the potential of the British cyber ecosystem – is innovation and investment really prioritised, and is the procurement process fit for purpose?
CBN plans to look at these questions – and more – in 2025. We always welcome input from our members, so please get in touch with any thoughts!
If you have questions about how you can better communicate your services, ongoing media trend analysis or wish to engage with government affairs, please get in touch with the CBN team.
Policy and political
4th Republic of Korea-UK Cyber Dialogue held in London
The UK hosted the fourth Cyber Dialogue with the Republic of Korea, during which the two countries discussed a wide range of issues including threat deterrence strategies, private sector collaboration, cyber skills, and international cooperation.
NCSC updates
Business and industry
New UKRI-funded network to bolster UK’s cyber security research ecosystem
The Cyber Security Research and Networking Environment (CRANE) NetworkPlus, established by Oxford University’s Computer Science Department, has been awarded a £6 million investment from the UKRI Engineering and Physical Sciences Research Council (EPSRC).
Launching in 2025, the initiative aims to drive better cyber security across the economy and make businesses, charities, communities, and people more resilient against cyber threats.
UK retailers exposed to email fraud ahead of Black Friday
New research from cyber company Proofpoint reveals that 40% of top UK online retailers are not fully protecting customers from email fraud, leaving them vulnerable during the pre-festive shopping period.
The study found that only 60% of retailers have implemented Domain-based Message Authentication, Reporting and Conformance (DMARC) protection – an email authentication protocol designed to block fraudulent emails. While this is a slight improvement from 2023, many retailers still lack adequate security.
Amid holiday sales, the report urges consumers to use multi-factor authentication, avoid suspicious websites and verify deals to stay safe from phishing and fraud.
This report is based only on data collected by Proofpoint.
Headline News
UK political update: the Budget and a “modern” Industrial Strategy
On Wednesday, 30th October, Chancellor Rachel Reeves presented the new Labour Government’s first annual Budget. With a reportedly dismal economic outlook yet a manifesto promise to bring growth, the Chancellor changed borrowing rules and increased the overall tax burden on the country by £40bn in order to increase investment in key sectors and public services.
Skirting around controversy of whether Labour broke its election manifesto commitment, the Chancellor continued the Government’s messaging of boosting growth and productivity and utilising innovative tech – especially in health, energy, defence and digital.
Notably, the Strategic Defence Review (SDR) was mentioned, in which the Government is considering cyber and digital “as a next step” as they develop their plans in this area. Other than defence, cyber was only mentioned in terms of improving the security of the NHS.
Ahead of the Budget, the Government had launched its “modern” Industrial Strategy and associated consultation, aiming to streamline funding into eight key sectors – manufacturing; clean energy; creative industries; defence; digital and technologies; financial services; life sciences; and professional and business services – in order to address challenges via a “cross-cutting” and “pro-business” approach.
While cyber is not mentioned in the Industrial Strategy, the consultation nonetheless plans to “focus on a range of technologies and their commercialisation, with a portfolio approach that backs smaller, less proven, and more disruptive businesses alongside larger, well-established businesses in existing sectors” under the context of investing in digital technologies, which presents a key opportunity for the sector to engage and raise its profile within government.
If you have any questions about what these updates mean for the cyber sector or your business, please get in contact with us at secretariat@cb-network.org.
Enhancing supply chain cybersecurity: positive storytelling and clear communication
Recent disruptions caused by global IT outages have shed light on how a lack of IT supply chain diversification fundamentally undermines resilience by concentrating risk. Over the last few months, many organisations have been considering the makeup of their supply chains, and the strength of their incident management and response plans, accordingly.
In a key insights article, CBN Communications Lead, Liva Emmatty, outlines the communication challenges faced by cybersecurity leaders and organisations in this context, and the value that powerful storytelling and clear communications can bring to cyber firms looking to boost reputations when trust is low.
If you have questions about how you can better communicate your services to customers or wish to speak to government about future solutions, please get in touch with the CBN team.
Building partnerships to protect the UK from cyber crime
In a speech to the PREDICT 2024 Conference, Home Office Security Minister Dan Jarvis said that “cyber security is national security” and highlighted how national security is the “foundation” for the Government to achieve its five missions.
He went on to say that the Government is considering reviewing the Computer Misuse Act (CMA), and in light of the spending review is reviewing several policy areas to enable and enhance security.
Five Eyes launch shared security advice campaign for tech startups
Cybersecurity guidance designed for technology companies, Secure Innovation, has been launched across Five Eyes nations, in an effort to protect the sector from national security threats, particularly originating from other nation states.
Originally a UK-only initiative from the National Cyber Security Centre (a part of GCHQ) and National Protective Security Authority (NPSA), tailored guidance is now available in Australia, Canada, New Zealand, the UK and the US.
The guidance helps companies to create a cost-effective, bespoke action plan which supports them to assess their levels of secure innovation and identify any necessary actions they need to take to protect their business.
G7 Cyber Expert Group recommends action to combat cyber risks from quantum
The G7 Cyber Expert Group (CEG) – chaired by the U.S. Department of the Treasury and the Bank of England – has recommended organisations have regard for the initial set of quantum-resilient encryption standards released by the National Institute of Standards and Technology (NIST) and work to build resilience, particularly for sectors which hold highly sensitive information, such as the financial sector.
Cyber Essentials 10 years on
In a speech at the 10-year anniversary event for the Cyber Essentials scheme, DSIT’s Cyber Minister Feryal Clark highlighted the impact of Cyber Essentials for UK businesses, which is detailed in a new impact evaluation.
Further, she announced a new joint statement from DSIT, the NCSC, and the UK’s largest banks and building societies which aims to raise the levels of cyber security in critical national supply chains by exploring ways to expand the role of Cyber Essentials within their supplier assurance processes.
NCSC updates
Businesses struggle to manage supply chain cyber risk
Businesses are facing a growing challenge in managing supply chain cyber risks, according to the fifth annual State of Supply Chain Defense report from cyber defence company BlueVoyant.
Despite 95% experiencing incidents in the last year, over half don’t regularly assess vendors for cybersecurity issues, and a third have no way of knowing when an incident occurs. This largely stems from a lack of resources and expertise, even though budgets for third-party cyber-risk management have increased.
Further, prioritisation of third-party cybersecurity risk management has decreased; key challenges include understanding how to penalise non-compliant vendors, meeting regulatory requirements, and ensuring compliance. On the other hand, UK businesses are more proactive than their global counterparts in briefing senior management on these risks, indicating an awareness of the issue at the highest levels.
If you want to learn more about supply chain cybersecurity resilience, check out CBN’s recent webinar for more insights from cyber leaders.
Bridging the gaps to cyber resilience
Significant gaps exist between perceptions of cyber resilience among top security executives and C-suite leadership, according to the 2025 Global Digital Trust Insights report from PwC.
Based on a survey of more than 4,000 business and technology executives across 77 countries, over two-thirds of technology leaders see cybersecurity as their top risk for mitigation – compared with less than half of business leaders. Despite this, CISOs are less likely to be involved in strategic planning, leading to a gap between CISOs and top C-suite executives over the company’s ability to comply with regulations, particularly those involving AI and critical infrastructure.
The report goes on to recommend that, in order to better communicate the need for cyber resilience, CISOs “share tech-enabled insights” and explain cyber priorities in business terms (cost, opportunity, risk).
Global threat report indicates increase in CNI cyberattacks
Cyber attacks on key critical national infrastructure (CNI) and supply chains continue to increase across the globe, according to data in BlackBerry’s Q2 Global Threat Intelligence report.
Notably, the period of April – June 2024 saw “one of the highest” quarterly percentage increases in unique malware samples per day since their reporting began. The United States received the highest number of attempted attacks, followed by Japan, South Korea, Australia and Canada. The report does not go into detail on why these countries received the most attacks and, although it mentions that the attacks came from both state and non-state actors, it does not clarify further.
While organisations are implementing measures like data encryption, fewer than half verify their suppliers’ cybersecurity compliance. The report stresses the urgent need for improved visibility and monitoring of software supply chains to reduce vulnerabilities.
To note, this report is based only on data collected by BlackBerry in its internal systems.
Our new mission is to bring together cybersecurity companies to network, learn and debate across three key pillars — trade and export, policy, and market insights. Our members will be enabled to promote their cybersecurity expertise and capabilities, strategically engage with key stakeholders and develop lasting relationships in key verticals, in a wider effort to influence government policy and promote innovation in the sector.
The strategic direction of CBN is shaped by our Membership who benefit from increased brand exposure and engagement opportunities with key stakeholders in the cyber space, other key sector verticals, media, government and regulators.
Membership to CBN is free for all cybersecurity organisations. If you are interested to hear more about CBN or want to become a member, then please reach out to secretariat@cb-network.org for more info.
Founded by Clarity
Global digital marketing and communications agency, providing fearless marketing and consultancy to the world’s most progressive companies.
We match data-driven science with human ingenuity to expand our full-funnel, specialist services and expertise. Our vision is to accelerate positive change and impact across the world. A firm believer in cybersecurity as an enabler of growth and resilience, we are proud to be driving its prosperous impact forward. Get in touch with secretariat@cb-network.org to understand more on how Clarity can enhance reputation, create impact, and drive growth in your organisations.
The Cybersecurity Business Network (CBN) was delighted to host a webinar on supply chain resilience. Developed in response to the recent global IT outage, which exposed how reliance on only a few key suppliers can weaken critical systems, the webinar explored how businesses and policymakers can address the growing issue of how a lack of diversification in IT supply chains can increase the risk of major outages. The webinar brought together experts from cybersecurity, healthcare and academia to discuss ways to strengthen supply chain resilience and manage these risks. Below are some key takeaways from the event.
Dr. Melanie Garson, Cyber and Tech Geopolitics Lead at the Tony Blair Institute, opened the discussion by examining the global geopolitical landscape’s impact on supply chains. She emphasised the rising uncertainty and the interconnectedness of these risks, describing the current state as “a geopolitical state of upheaval.” According to Garson, the world’s IT supply chains are more vulnerable than ever due to increased global tensions and organisations must better anticipate the disruptions arising from cyberattacks and broader geopolitical events.
Simon Newman, Director of the Cyber Resilience Centre for London, reinforced this perspective by highlighting how attackers are now focusing on smaller, more vulnerable entities in supply chains. Newman also stressed the importance of enhanced collaboration across sectors, including law enforcement, to address these increasing vulnerabilities.
“As larger organisations have boosted their cybersecurity significantly, criminals are now targeting weaker entry points”, he explained, noting that smaller organisations often lack the resources to defend themselves effectively.
Simon Newman, Director of the Cyber Resilience Centre for London
The healthcare sector’s supply chain vulnerabilities were a particular focus, with Rachel Dean, Head of Cybersecurity at NHS Supply Chain, providing insights. Dean emphasised that a successful cyberattack on the NHS’s supply chain could directly affect patient care.
“A successful cyberattack and the resulting inability to deliver operations impacts directly on the NHS’s ability to deliver patient care, which can have critical outcomes,” she warned.
Rachel Dean, Head of Cybersecurity at NHS Supply Chain
With a supply chain of over 6,000 suppliers, Dean explained the significant challenges in ensuring that each supplier meets necessary cybersecurity standards while avoiding creating barriers for smaller, critical suppliers.
On the regulatory side, Tim Rawlins, Director and Senior Advisor at NCC Group, discussed how regulations are evolving to address supply chain vulnerabilities.
“Regulators are increasingly focusing on requiring organisations to escrow software from their suppliers to reduce risk.”
Tim Rawlins, Director and Senior Advisor at NCC Group
While regulation is a key driver of improvement, Rawlins stressed that organisations themselves must take proactive steps to manage third-party risks and understand how disruptions in one part of the supply chain can have wide-reaching consequences.
Watch the Cybersecurity Business Network (CBN)’s webinar on ‘Building Resilience: How UK Cybersecurity Organisations Can Bolster IT Supply Chains’.
The recent global outage – followed by a DDoS cyber attack on Microsoft Azure – highlighted a major issue with contemporary IT supply chains: the lack of diversification and a concentration of risk undermining the resilience of critical IT systems.
The discussion explored:
– Factors that led to the recent disruption and outage
– Inherent risks of failing to diversify a security supply chain
– How organisations can better manage their supply chains to improve resilience
– How the healthcare and telecom sectors have been managing their supply chain
– Role that UK cybersecurity organisations could play in improving resilience and mitigating risks
– Support needed by the UK cybersecurity sector from government to capitalise on the role it can have in delivering resilience
Speakers include:
– Andrew Kernahan, Strategic Advisor, Cybersecurity Business Network
– Tim Rawlins, Director & Senior Adviser at NCC Group
– Simon Newman, Director at Cyber Resilience Centre London
– Dr Melanie Garson, Technology & Cyber Geopolitics Lead at Tony Blair Institute
– Rachel Dean, Head of Cyber Security at NHS Supply Chain
Our monthly update to bring you the relevant, high-level policy and business news from across the cyber sector.
This month, we provide an update on the new Labour government’s priorities, and highlight what the CrowdStrike incident could mean for cyber businesses.
If you have any questions about the content, or believe we should add to our coverage, please do not hesitate to get in touch.
Headline news
New government sets out priorities
The Labour Party swept into power on 5th July, winning a near-historic 411* seats, while the Conservative share collapsed for its worst-ever result. Over the past weeks, Keir Starmer’s government has wasted no time in setting a new tone for the country; however, while the cyber sector has largely welcomed the new government’s focus on cyber security national resilience, its impact is largely yet to be felt as Parliament breaks for recess, returning 2nd September.
King’s Speech: legislative priorities
In July, King Charles addressed the nation during the State Opening of Parliament, to set out the Government’s policy priorities and legislative programme for the coming year. In line with previous promises, Prime Minister Keir Starmer placed a primary focus on driving economic growth.
With 40 new(ish) bills, it is an ambitious programme which promises to “take the brakes off” the economy and reaffirm financial stability. Measures include boosting construction, reforming energy production, re-nationalising the railways, developing UK skills, and increasing and improving the use of data and digital technologies in the economy.
Chancellor’s financial statement
On 29th July, Chancellor Rachel Reeves declared a £22bn “hole” in the country’s finances. Although disputed by former Chancellor Jeremy Hunt, Reeves has been backed up by the Office for Budget Responsibility (OBR), which has formally launched a review of the Spring Budget forecasts.
Reeves then announced a number of areas where the government intends to save money – including selling off “surplus” government property, a reduction in the use of external consultants in Whitehall and a pause on certain infrastructure projects. Tax rises are now expected in the October 30th Budget, alongside the outcome of a formal spending review for 2025-2026.
A cyber lens
Notably, a Cyber Security and Resilience (CS&R) Bill will be introduced to ensure the security of critical infrastructure and digital services, building on Security of Network & Information Systems Regulations (NIS Regulations) 2018. DSIT Minister Feryal Clark also recently said that the CS&R Bill will be designed to strengthen the UK’s defences and ensure the services – private and public – that companies rely on are protected.
Further, Science, Innovation and Technology Secretary Peter Kyle said that national resilience – particularly in relation to cyber security – “suffered terribly” under the Conservatives due to division within the party. He claimed that he only became aware of the significance of the threat upon taking office, but concern led him to “put forward a request” for the new CS&R Bill, which had “national security priority”.
Separately, the Government has launched a “root and branch” Strategic Defence Review which, led by three external experts, will consider the threats Britain faces, the capabilities (including digital and cyber) needed to meet them, the state of UK armed forces and the resources available. The Review is expected to be delivered “at pace”, with submissions invited until the end of September and the report delivered in the first half of 2025.
*Now 404 following the temporary suspension of seven MPs
If you have any questions about what the election and policy developments mean for the cyber sector or your business, please get in contact with us at secretariat@cb-network.org.
How resilient is our global IT infrastructure?
On Friday, 19th July, 8.5 million Microsoft Windows computers around the world crashed, causing chaos and disruption for businesses and services including airlines, banks and hospitals.
While cyber security firm CrowdStrike quickly confirmed the outage was caused by a defective software update for its Windows hosts and worked to resolve the issue, the incident nonetheless called attention to the precariousness of IT infrastructure – and what could happen if an attack was carried out by malicious actors, as was then seen last week with the Microsoft Azure DDoS attack and subsequent software failure.
Businesses across the world are now asking themselves two questions. Firstly, what is their place within the global supply chain, and how strong are their incident management and response plans, as highlighted by the NCSC? And secondly, how can they prevent future incidents from affecting them?
Although some companies may look to bring their IT security functions in-house, this is not an option for all organisations, who may start seeking to diversify their software and other security application suppliers.
In light of the government’s upcoming CS&R Bill, the sector will be watching closely for strategic direction from officials on how they will look to improve resilience and “insulate” society and the economy from future attacks.
At the same time, the cyber sector as a whole has the responsibility and opportunity to not only highlight the importance of having a robust cyber resilience programme, but also to ask questions about the concentration of risk – given 62% of the global external attack surface is covered by 15 companies – and the long-term viability of this landscape.
In light of this, keep an eye out for an upcoming CBN webinar which will bring together policymakers and key supply chain sector leaders to provide insights for members on what this means for the sector, and how we can make improvements going forward.
If you have questions about how you can better communicate your services to customers or wish to speak to government about future solutions, please get in touch with the CBN team at secretariat@cb-network.org.
News & Updates
Policy and political
Government extends call for views on the Cyber Security of AI
Originally published in May, before the General Election, the closing date for the government’s call for views on the Cyber Security of AI has been extended to this Friday, 9th August.
The call for views sets out specific interventions to help secure AI, so that the benefits of AI can be realised, and asks for input as to whether industry would support the government creating a global standard for AI cyber security. To note, a “call for views” is often an initial information-gathering exercise which will go on to determine formal proposals and policy.
If you have any questions about responding to this or other government consultations, please get in touch with the CBN team.
G7 countries to establish operational tech cybersecurity framework
In a statement following a summit in Italy, the Group of Seven (G7) countries acknowledged the rising cyber threat to critical infrastructure, particularly energy, and agreed to “explore avenues towards establishing mutual recognition of schemes for reliable cyber-safe products.”
The potential collective framework would apply to both manufacturers and operators, as the statement signals an intention to incentivise tech companies to build more secure Internet of Things (IoT) products. This move was in conjunction with the United States’ recent Supply Chain Cybersecurity Principles, as indicated by a statement from the White House national security advisor.
UK statement at the UN Security Council
UK Permanent Representative to the UN, Ambassador Barbara Woodward, gave a statement at the UN Security Council regarding the importance of addressing cyber threats to protect global security. She highlighted four “trends” – the prevalence of ransomware, expansion of artificial intelligence, malicious activities on the global stage, and the risk of disinformation – going on to indicate the UK’s work in this area.
NCSC updates
Business and industry
ICO officially “reprimands” Electoral Commission
The Electoral Commission, which oversees UK elections, has been formally reprimanded by the Information Commissioner’s Office (ICO) over the security lapse which left millions of UK voters’ personal details “vulnerable to hackers”.
Following the 2021 breach, hackers had access to the Electoral Register for just over a year, until they were detected and “booted out” in 2022. The ICO’s investigation found the Electoral Commission did not have appropriate security measures – including secure passwords and up-to-date patches – in place to protect the personal information it held, which led to the breach.
UK faces significant cyber funding and skills gap
A new report, Underfunded and Under Reported: Threats, Breaches, and Budgets, reveals that CISOs face significant problems from a lack of funding, exacerbated by a lack of talent, tools, and time. Notably, 83% of respondents feel their organisation has a gap in its cyber skills, yet they struggle to access adequate talent.
NCA leads international operation to crack down on unlicensed pen testing
The National Crime Agency (NCA) worked with international partners to coordinate global action against unlicensed versions of Cobalt Strike.
CyberThreat 2024
The NCSC and SANS Institute announced that CyberThreat 2024, an event designed for security practitioners with a strong technical emphasis, will take place on 9th-10th December.
Our membership is free to cybersecurity organisations and offers them opportunities to promote capabilities, share insights and develop lasting relationships
Introducing our new CBN Newsletter
Our monthly update to bring you the relevant, high-level policy and business news from across the cyber sector.
This month we take a look back at our relaunch event at the end of April, update you on the latest election developments and give you a breakdown of the recent McPartland review into ‘Cyber Security and Economic Growth’.
If you have any questions about the content, or believe we should add to our coverage, please do not hesitate to get in touch.
Headline news
Prime Minister calls surprise General Election
On the 4th July UK voters will head to the ballot box to vote in the 2024 General Election. Labour is currently polling strongly with an estimated 45% vote share and expected to win a significant majority after nearly fifteen years of Conservative government.
The campaign will focus on bread-and-butter issues like the economy and security, with cyber unlikely to be front and centre. However, a week and a half into the campaign, cyber has been raised by both the Conservatives and Labour – the former as part of a new National Service policy, the latter as part of their commitment to a strategic defence review in the first year of government. Aside from the parties, the Joint Committee on the National Security Strategy called for the PM to defend UK democracy, raising several concerns about the potential threats posed by foreign nations that may undermine the outcome of the election. The NCSC also recently launched a personal protection service for election candidates and officials, as part of a wider package of cyber support.
McPartland Review into Cyber Security and Economic Growth
Stephen McPartland MP published his final report and recommendations, the McPartland Review of Cyber Security and Economic Growth.
The report identifies 16 high-level “non-legislative” recommendations which span investment, skills, resilience and governance, crime and net zero. Some recommendations include:
Although “warmly welcomed” by Government, it cannot be officially published until after the election due to the dissolution of Parliament and the purdah period, and there are questions around its implementation under a new government.
Political and policy updates
Cyber UK 2024
CyberUK, the UK government’s “flagship” cyber security event, took place in Birmingham last week. Notably, the DSIT Minister for Tech and the Digital Economy, Saqib Bhatti MP, made a range of announcements, including a call for views on the new Code of Practice on the Cyber Security of AI & Software Vendors; the future direction of CyberFirst; and figures of growth in the UK cyber security sector.
The figures, which constitute a cyber security sectoral analysis, find that the total annual revenue within the sector has increased by 13% in the past year – considerably higher than the slower growth in the previous study (3%) – and that the sector has grown by 5%, adding 2,700 new jobs. In addition, they estimate total GVA for the sector has reached c. £6.5 bn, reflecting an increase of 4% since last year’s study.
Other speeches:
Note: due to the election, the announcements made by the Minister may not be carried through by the next Parliament. We will share an update when possible, but please get in touch if you have any questions.
Statement from HM Government on the adoption of UK Cyber Security Council standards
The government committed to strengthening standards by embedding UK Cyber Security Council standards across its cyber workforce by 2025. This includes defining necessary competencies, introducing training programs, and encouraging skill improvement. Critical National Infrastructure (CNI) regulators will recognise these standards and collaborate with the government. The Cyber Growth Partnership (CGP) will support the Council with industry backing.
Cybersecurity of elections
A briefing from the Parliamentary Office of Science and Technology (POST) examines the impacts of cyber threats on election outcomes and mitigation strategies. It highlights the evolving nature of these threats, including misinformation and AI-generated content, and identifies risks such as ransomware, data leaks, and attacks on high-profile individuals. The briefing also outlines relevant cybersecurity policies, challenges in addressing these risks, and suggestions for preventing cyber attacks.
NCSC updates – May 2024
UK not heeding warning over China threat, says ex-cybersecurity chief.
Ciaran Martin, former head of the NCSC, warned that the UK isn’t taking the threat of Chinese cyber-spying seriously enough, citing US warnings about Chinese hackers targeting critical infrastructure. He urged the UK to declare attacks on civilian infrastructure as unacceptable and called for stronger government action. Martin supports proposed measures for mandatory ransomware attack reporting and regulating ransom payments, emphasising increased vigilance against this threat.
Business and industry
NCC Group: Digital Dawn: Cyber Security Policy in the Wake of Political Change
The NCC Group released a new cyber policy report for incoming (and existing) governments and policymakers across the world on their roles in securing cyberspace, highlighting challenges and opportunities.
Opportunities include cross-party agreement on cybersecurity’s importance, strong existing regulations, and a “whole-of-society” approach. Challenges involve limited resources, lack of specific responsibility, keeping up with emerging technology, and protecting smaller organisations.
One in three organisations looking to improve cybersecurity
According to research from Daisy Corporate Services, while almost two-thirds of UK organisations are likely to be looking to reduce costs over the course of this year, leaders are prepared to invest in services such as cloud and cybersecurity, as they look to unlock operational performance improvements and streamline their current technology supply chain.
70% of CISOs concerned about material cyber attack
Chief information security officers around the globe “are nervously looking over the horizon,” according to a survey of 1,600 CISOs with more than two thirds (70 percent) concerned their organisation is at risk of a material cyber attack over the next 12 months.
These figures are striking, highlighting an increase from 48% in 2022, with those in South Korea, Canada and the US most concerned. 43% of those surveyed said their organisation is not prepared for a cyber attack.
Stephen McPartland MP and UK security community discuss the ‘Cyber Security and Economic Growth’ review at the launch of Cybersecurity Business Network
Today, the newly founded Cybersecurity Business Network (CBN) announces the launch of its community, aiming to drive positive change within the UK cybersecurity sector amid the increasingly complex cyber threat landscape. The inaugural event of the CBN was held on 30 April, during which the Right Honourable Stephen McPartland MP discussed the independent review on ‘Cyber Security and Economic Growth’.
“With over 99% of UK businesses classified as SMEs, cybersecurity must be simplified to ensure safety throughout the supply chains. It’s time to change the narrative around cybersecurity, viewing it not just as a security measure, but as a driver for resilience, trust, job creation and, ultimately, as an enabler of growth,” noted McPartland.
“Establishing the CBN is a necessary step forward in an era of escalating cyber threats, continuing to strengthen the UK’s position as one of the tech superpowers.”
Our Mission
The CBN’s core mission is to facilitate collaboration, learning, and discourse across three pillars: Trade and Export, Policy, and Market Intelligence. By empowering its members to showcase their expertise, engage strategically with stakeholders, and foster lasting partnerships across key sectors, the CBN aims to drive policy influence and catalyse innovation within the UK cybersecurity sector.
“With the emergence of new threats and a rise to prominence of malicious nation state actors, it is important that the cybersecurity sector engages with the Government to ensure that effective cybersecurity solutions are understood and utilised as an enabler across both the public and private sectors,” said Nick Lansman, Co-Founder at Cybersecurity Business Network.
“The event was a great example of how industry and government can come together to discuss how this vibrant sector enables economic growth and resilience for the UK as a whole. We’re looking forward to consolidating the UK’s position as the best place in the world for innovative cybersecurity solutions.”
Who shared their insights?
The event also featured thoughts from other leading voices in the UK cybersecurity sector, including Juliette Wilcox, UK Cyber Ambassador, as well as cyber experts from Garrison Technology, Armour Comms and NCC Group.
“As a nation, we need to think more openly about marketing cyber initiatives and UK excellence in cyber, and highlighting these carefully through cybersecurity strategy to proactively drive change in the cybersecurity sector. The CBN will be an instrumental network for UK cybersecurity businesses, acting as a conduit for supporting political cut through,” said Imogen Frearson, Government Engagement Lead and Head of Marketing at Garrison Technology.
The CBN has evolved from the former Transatlantic Cyber Security Business Network (TCBN), which has been rebranded and restructured to tailor services to a predominantly UK membership. For those interested in joining the free membership of CBN or learning more about how they can contribute to and benefit from this initiative, please visit https://cb-network.org/
Remember when ransomware attacks were a simple case of cyber criminals preventing access to a target’s files until a ransom was paid? Now, as organisations become more adept at protecting themselves from traditional ransomware attacks, cyber criminals are increasingly adopting more aggressive methods to profit from their attacks.
These include developments in which the attackers not only block access to the victim’s files but threaten to publicly release the organisation’s data. They can also add DDoS attacks to encryption and data exposure threats and directly contact individual stakeholders of an organisation whose personal details have been stolen.
The increasing aggression of cyber attackers will need to be matched by increasingly innovative cybersecurity solutions and practices.
Meanwhile, in advance of the widespread emergence of quantum computing, state-based actors and cyber criminals are known to be harvesting large amounts of critical but currently encrypted data from the web via HNDL (harvest now, decrypt later) attacks. These encrypted files are being stored away until the widespread emergence of quantum computing when the massive uplift in processing power it affords will make it quick and easy to decrypt data that is not currently accessible. The US government is sufficiently concerned about this development that it has just passed the Quantum Computing Preparedness Act, which includes a number of measures requiring federal agencies to prepare to address the cyber threats posed by quantum computing and to adopt quantum safe encryption.
Where the government leads in this area, industry must surely follow. Companies need to start preparing plans now to ensure their systems are quantum-safe going forward.
We would love to hear your thoughts on the main concerns facing you and your customers in 2023 – let us know here: secretariat@transatlantic-cyber.net
In December, the Transatlantic Cyber Security Business Network circulated an Expression of Interest survey to our members to canvass opinions about attendance at RSA 2023.
This year, we are working with the Department for International Trade (DIT) to help collect views on how the UK Government can enhance opportunities for companies who plan to visit or exhibit at the conference in San Francisco.
If you are a UK cyber company hoping to attend RSA and are interested in engaging on what form of support and engagement you want to get in April, then please submit your answers to the following:
The survey will remain open for input until 20 January 2023.
As a reminder, for those members attending – RSA will be running their annual Innovation Sandbox Contest, offering cybersecurity’s boldest new innovators the chance to compete and put the spotlight on their potentially game-changing ideas.
In 2023, 10 finalists will again have three minutes to make their pitch to a panel of judges while demonstrating groundbreaking cybersecurity technologies to the broader RSA Conference community. Since the start of the contest, the top 10 finalists have collectively seen over 73 acquisitions and raised over $11.46 billion in investments.
Submissions will be open from January 10, 2023 through February 10, 2023 at 8 PM PT.