Our monthly update bringing you the relevant, high-level policy and business news from across the cyber sector.
This month, we take a look at the newly released Cyber Action Plan, the long-awaited second reading of the Cyber Security and Resilience Bill, where the House of Commons will take its first opportunity to scrutinise the main aspects of the Bill, as well as a number of high-profile cyber incidents that occurred as 2025 was wrapping up.
If you have any questions about the content, or believe we should add to our coverage, please do not hesitate to get in touch.

Today, the Cyber Security and Resilience Bill has undergone its second reading in the House of Commons. The Bill is set to be passed through the lower house, with the expectation of Royal Assent in mid-2026.
The legislation represents the most significant effort to date in modernising the UK’s cyber framework by expanding the scope of regulated services, strengthening reporting requirements, and providing regulators with enhanced tools to enforce compliance. The legislation further develops the UK’s NIS regime, bringing it closer in line with the EU’s NIS2 directive.
The legislation aims to establish new definitions for relevant digital service providers (including online marketplaces, search engines and cloud computing services), and incidents (to include events capable of affecting network and information systems, even where no data has been compromised).
The Bill will mandate 24-hour initial incident reporting, with a full report required after 72 hours, as well as widening the range of organisations subject to cybersecurity standards, introducing data centres as essential services under joint oversight from Ofcom and the Secretary of State for DSIT.
Following its second reading, the Bill will enter committee stage, where a detailed clause-by-clause examination will take place. During this process, Parliament will look to agree more complete definitions of which entities are in scope, what the exact penalty regimes may be for non-compliance, and specify more detailed security and resilience requirements.
During committee stage, cyber industry experts may wish to appear as oral witnesses, or submit written evidence to the Public Bill Committee when it calls for it.
If you have any questions around the Bill, or any amendments that Parliament may propose in the Bill’s second reading, please contact secretariat@cb-network.org.
Prior to the second reading of the Cyber Security and Resilience Bill, the government announced its Cyber Action Plan on the morning of the 6th January 2026. The plan aims to strengthen cyber defences and digital resilience across government departments and the public sector, backed by over £210m of government funding. It is notable that the £210m of funding is far less than the similar £2.6bn pledged in the 2022 National Cyber Strategy for modernising public sector legacy systems to become more resilient.
Driven by a newly formed ‘Government Cyber Unit’, this plan supports a wider strategy by the government to digitise public services, improve online service accessibility, reduce times spent in online queues, and centralise access to government support and resources.
The plan focuses on achieving clearer visibility of cyber risks across government departments, acting to strengthen mitigation efforts and implementing faster and more robust incident response procedures.
Additionally, the government has announced the Software Security Ambassador Scheme, which aims to reduce software supply chain attacks through a new Software Security Code of Practice. Cisco, Palo Alto Networks (PAN), Sage, Santander and NCC Group have agreed to act as ambassadors for the scheme.
If you have any questions around the Cyber Action Plan and what it might mean working in, or closely with, the public sector, please contact secretariat@cb-network.org.
In a speech commemorating the centenary of the signing of the Locarno Treaties in 1925, the Foreign Secretary Yvette Cooper warned that ‘hybrid threats’ from Russia are threatening the UK and Europe, aimed at destabilising democracy, undermining collective interests and weakening critical national infrastructure.
These hybrid threats include, but are not limited to, ‘relentless’ cyberattacks against businesses and critical infrastructure, dissemination of social media disinformation (including utilising generative AI), and state-sponsored sabotage.
Cooper cited Russia’s campaign of ‘information warfare’ as a driving force that has led the UK to develop, and continue to develop, its defensive cybersecurity, law enforcement and intelligence capabilities.
In addition to the threat posed by Russia, the Foreign Secretary also raised the issue of Chinese-origin cyber threats. She used the speech to announce new sanctions on two China-based companies, i-Soon and Integrity Technology Group, which the government allege have been involved in ‘vast and indiscriminate cyber activities against the UK and allies’.
The end of 2025 saw two cyberattacks launched against two major departments of national and local government. The Foreign, Commonwealth and Development Office (FCDO) and Westminster City Council both experienced cyber incidents in a pertinent reminder that the government remains a key target for cyber criminals.
The cyberattack affecting the FCDO was confirmed by Chris Bryant MP, who stated that the government had been aware since October 2025. The minister has claimed that the risk of compromise to individual data was ‘low’. While Bryant claimed that the perpetrators were ‘unclear’, The Sun newspaper has pointed fingers at a Chinese hacking group named Storm 1849, who were behind the ‘ArcaneDoor’ campaign affecting Cisco infrastructure in 2024.
The cyberattack against Westminster City Council took place in late November, with confirmation from the council that data had been copied by the perpetrators, which potentially included sensitive council data. This also included data on a server that was shared between Westminster City Council and Kensington and Chelsea Council; however, Westminster Council remains primarily affected. The perpetrators are currently unclear.
Westminster Council has urged residents to follow NCSC advice and be wary of any suspicious calls or emails, and has set up a helpline and email address to assist with any public enquiries relating to the cyber incident.
What to expect from CBN in 2026

CBN will be ramping up its advocacy work in 2026, with the year set to be a pivotal legislative and strategic year in the UK cyber landscape. Our work will focus on engaging proactively with the Government on key areas that directly impact our community and expand members’ opportunities within the UK market.
Cyber Security & Resilience Bill: With the expectation of Royal Assent later this year, this legislation will undergo extensive parliamentary scrutiny in early 2026, modernising and strengthening UK cyber defences, including the expansion of NIS/NIS2. CBN is taking a proactive role in advocacy to shape the bill’s legislation and implementation.

Blaise Metreweli, the newly appointed chief of the UK’s Secret Intelligence Service (SIS), more commonly known as MI6, emphasised the organisation’s focus on enhancing its technological and cybersecurity capabilities in a speech delivered on the 15th December 2025.
Metreweli claimed that SIS is currently operating in a ‘space between peace and war’, in which advanced technologies are reshaping conflict, power and trust globally. She highlighted how converging fields such as AI, biotechnology, and quantum computing are accelerating threats to UK national security.
She stressed that information had become weaponised through disinformation and manipulation tactics, exemplified by increasing threats posed by Russian hybrid warfare, including cyberattacks, drones, sabotage, and influence operations.
In response, SIS is refocusing its efforts on mastering its use of technology, particularly around AI and data, and integrating it into their work such that officers are as comfortable with code as with human sources.
This would see the SIS deepen partnerships across the UK intelligence community and the wider technology ecosystem, recognising that the defining issue is not who has the most powerful tech, but who can apply it effectively.

The governments of the UK and South Korea agreed a joint statement on deepening technology ecosystems and strengthening digital collaboration, following the second UK-ROK (Republic of Korea) Digital Partnership Forum in Seoul, on 16th December 2025.
Four key pillars were agreed as part of the joint statement. These pillars are: strengthening digital infrastructure, fostering technological innovation, reinforcing multi-stakeholder approaches, and enhancing cybersecurity and securing critical technologies.
The fourth pillar sees a commitment from both states to further collaborate to strengthen cybersecurity, within the framework of the last UK-ROK Cyber Dialogue, which saw the UK and South Korea commit to working together to counter malicious cyber activity from malign states, namely North Korea, Russia and China.
With the new joint statement, both states have renewed this commitment, as well as reinforcing a particular focus on the growing role of AI within the cybersecurity field.

DXS International, a provider of clinical solutions for healthcare professionals and patients to the NHS, confirmed that they experienced a cyberattack on their office servers on the 14th December 2025.
The incident has been reported as having ‘minimal impact on the company’s services’, leaving front-line clinical services ‘unaffected and operational’.
The prolific ransomware threat actor ‘DevMan’ claimed responsibility, stating that they had copied around 300GB of data, threatening to release it publicly. However, neither the NHS nor DXS have commented on this claim.
Cyberattacks against major UK retailers are estimated to have cost affected businesses millions of pounds in damages. Two of the worst affected were M&S and the Co-op Group, who are estimating losses of approximately £300m and £200m respectively.
Taking place between April and May of 2025, the attacks utilised the DragonForce ransomware, with social engineering tactics deployed, such as voice phishing, to compromise company networks via internal IT helpdesks. Hackers then activated the main ransomware payload across compromised systems.
These attacks triggered serious disruption to the businesses, causing data loss and outages that led to a depreciation of the companies’ stock and revenue prices.
CBN is holding its first bi-monthly members meeting of 2026 in London, on Wednesday, 21st January, 4:30pm – 7:30pm. This event will consist of a roundtable-style discussion to help shape our 2026 agenda, as well as a discussion around ongoing developments regarding the Cyber Security and Resilience Bill, following its second reading in the Commons this month.
Please note: This vital session is exclusively for paying members and partners. If you’d be interested in attending the event, please RSVP to secretariat@cb-network.org.
To become a member and ensure you won’t miss any of our events, please visit cb-network.org/join-us/
The Cybersecurity Business Network is a coalition of leading UK-based organisations committed to strengthening the nation’s cyber resilience, fostering innovation and supporting economic growth. Through collaboration and knowledge sharing, we empower our members to drive growth and set standards for excellence across the UK cyber sector.
As a member-led network, our ambition is to serve as the unified voice of the UK cyber industry, championing its interests, amplifying its potential, advocating for greater engagement and support from government, media, and the wider business community.
If you are interested to hear more about CBN or want to become a member, then please reach out to secretariat@cb-network.org for more info.
This month, we take a look at our Inaugural Parliament & Cyber Conference, the Government’s Autumn budget, alongside a raft of other public and private sector announcements.

Minister for Security Dan Jarvis delivered the keynote speech at our first Parliament and Cyber Conference 2025, in which he called for stronger cyber resilience across government, business and society with the escalation of cyber threats in a hyper-connected world.
Jarvis highlighted how, if cybercrime were an economy, it would be the third biggest in the world, with global scams expected to cost $27 trillion a year by 2027. The government is seeking to act with both legislation and policy, including the recently introduced Cyber Security and Resilience Bill and the Counter Political Interference and Espionage Action Plan, as well as support of the NCSC.
During his address at the conference, Jarvis noted that “Our tech sector is one of the most crucial chips in the economy’s motherboard. One that takes its cyber security seriously. I hope that, through Government support and their own initiative, that the rest of our business leaders follow in your footsteps.”
The Government introduced the Cyber Security and Resilience Bill for its First Reading in the House of Commons on 12 November 2025, marking the first time a UK Bill has included “cyber” in its title. The legislation represents a significant effort to modernise the UK’s cyber framework by expanding the scope of regulated services, strengthening reporting requirements and providing regulators with enhanced tools to enforce compliance. It builds on the Cyber Governance Code of Practice published in April 2025 and further develops the UK’s NIS regime, bringing it closer, though not fully in line with, the EU’s NIS2 directive.
The Bill widens the range of organisations subject to cybersecurity standards, introducing data centres as essential services under joint oversight from Ofcom and the DSIT Secretary of State. The Bill also, amongst other provisions:
Please contact secretariat@cb-network.org for more information on the Bill.
At the Parliament and Cyber Conference, during the panel “UK cyber policy: designing a resilient future”, speakers, including Cyber Innovation APPG officer Alison Griffiths MP and Jonathon Ellison, National Resilience Director at the NCSC, emphasised the scale of the challenge and the importance of ensuring the Bill is implemented in a way that is both effective and proportionate.
Across our events, there was clear consensus from both public and private sector voices on the need for sustained cross‑collaboration as the Bill progressed through Parliament, with particular focus on proportional definitions, workable reporting obligations and transparent approaches to designating critical suppliers.
The second panel at Parliament and Cyber Conference 2025, titled “The next frontier: securing our future in a world of AI and quantum,” examined how emerging technologies are reshaping both opportunity and risk for the UK.
Artificial intelligence was discussed as a major driver of growth and productivity, but panellists underlined how it has already begun to transform the cyber threat landscape. Panellists highlighted escalating AI enabled fraud, the potential misuse of generative tools, and complex questions of accountability in autonomous defence systems. Looking ahead, they noted that the emergence of quantum computing could further disrupt existing cyber security protocols and undermine many of today’s cryptographic standards.
The panel focused on how the government can respond with agile and effective policy, working closely with industry to strengthen resilience and protect both the economy and wider society.
Speakers included Daniel Aldridge MP, Chair of the APPG for Cyber Innovation, Zeki Turedi, Field CTO at CrowdStrike, Shaukat Ali Khan, CDIO at NHS West Yorkshire, Dr Melanie G., Associate Professor at UCL, and Sean Remnant, CSO at Exclusive Networks.
What to expect in 2026 from CBN

Following our Conference it was clear that cyber resilience is now firmly established as a national priority.
With more than 150 parliamentarians, policymakers, academics and industry leaders there was a clear consensus from both public and private sector voices emphasising the need for sustained cross‑collaboration as the Bill progresses through Parliament, with particular focus on proportional definitions, workable reporting obligations and transparent approaches to designating critical suppliers.
In 2026, CBN looks forward to working constructively with the Government as it sets out its plans across cyber security, most notably the Cyber Security & Resilience Bill, as well as the forthcoming National Cyber Action Plan, and broader government approaches. We are excited to build on the progress made this year, including supporting the APPG for Cyber Innovation, to create further opportunities for engagement with key stakeholders.
Please do get in touch with the team at secretariat@cb-network.org for more information.

After much speculation and anticipation, the Chancellor’s Autumn Budget was unveiled – albeit following a premature leak from the Office for Budget Responsibility.
The Budget was presented as making the “fair and necessary choices” to ease pressures on households, strengthen public services and support growth.
Cyber was predominantly absent from the Chancellor’s Budget speech. With her self-imposed rules preventing rises to income tax, National Insurance or VAT, she instead relied on freezing income thresholds and introducing a series of wider tax increases to reduce borrowing and create future fiscal headroom. Business rates for retail, hospitality and leisure will be permanently lowered, funded in part by higher rates for the most expensive properties. Notably:
Technology also featured prominently, with commitments on AI infrastructure and data centres, new AI Growth Zones and a brief reaffirmation of previously published digital ID plans in the context of immigration control and efficiency savings, as well as reaffirmation of defence spending targets.
Minister Liz Lloyd, Minister Blair McDougall and the National Cyber Security Centre (NCSC) CEO Richard Horne have written to small businesses reminding them of the resources available to them to ensure that they remain cyber secure – including the free Cyber Action Toolkit, Cyber Essentials, and Action Fraud.
The signatories urge small businesses to take these steps to remain resilient in the face of increasing cyber attacks; half of small businesses in the UK report having suffered a cyber attack in the previous 12 months and 35% of micro businesses reported phishing attacks.
The NCSC has also published a dedicated blog on these available resources, which can be seen here.
The NCSC has launched a nationwide Stop! Think Fraud campaign, offering advice to individuals and small businesses ahead of the busy festive period. The campaign encourages online shoppers to follow tips from the Home Office and the NCSC to avoid online scams, with individuals encouraged to report suspicious activity to the NCSC.
An inaugural group of around 30 graduates will enter operational roles in cyber defence following their training at Defence Cyber Academy on their fast-track Cyber Direct Entry programme, with new training places available for people aged 18-39 for 2026.
The graduates will be joining the new Defence Cyber & Electromagnetic Force (DCEMF).
The entry route sees basic training reduced from 10 weeks to around one month, after which recruits undergo three months’ specialist training.
In 2025, the UK faced 18 major cyber incidents – an almost 50% increase on the previous year and the third consecutive annual rise.
The government is carrying out research on mapping the AI and software cyber security services market. Commissioned by DSIT, this project aims to better understand the skills, services, and tools available to support organisations in the UK in meeting the requirements of the Global Standard for AI Cyber Security and the Software Security Code of Practice.
The research will build on this market analysis, and will consist of a telephone survey of UK-based organisations that provide AI and/or software cyber security services.

This past month, questions were answered on army recruitment into their cyber stream, the growth of a grey area in cyber defence investment, and cyber-security based amendments to regulations of telecoms infrastructure. One debate highlighted the role of the Council of Europe in tackling cyber crime, and the yearly debate on Remembrance Day outlined the growth of military personnel specialising in cyber warfare. The need to highlight cybersecurity training amongst SMEs was outlined, and the House of Commons Business and Trade Committee outlined the need for cybersecurity to form part of an economic security safeguard for businesses. The Government further announced cyber counter-measures against Chinese espionage.
Alternative broadband provider Brsk, which recently merged with Netomnia, reported a major DDoS customer data breach that reportedly exposed around 230,000 customer records for sale on a hacking forum. The compromised database included names, email addresses, physical addresses, phone numbers, installation and booking details, internal IDs, location data and indicators of vulnerable customer status, although Brsk stated that no financial information, passwords or login credentials were affected.
Westminster City Council and the Royal Borough of Kensington and Chelsea activated emergency and business continuity plans following a cyber attack that disrupted shared IT systems and phone lines. Working with cyber specialists and the National Cyber Security Centre, both councils focused on maintaining critical services and support for vulnerable residents while systems were taken offline and restored.
The Information Commissioner’s Office was notified and investigations into the source, scale and any potential data compromise are ongoing. Other London boroughs, including Hammersmith and Fulham, were also believed to have been affected and were advised to warn staff about phishing risks, including suspicious emails and unexpected links, as services were not expected to be fully restored until later in the week.
The growing use of KawaiiGPT has been outlined as aiding in lowering the barrier to commit cybercrime. KawaiiGPT is a free, open source “black hat” large language model that has been available since July 2025 and is now at version 2.5. Unlike paid tools such as WormGPT, KawaiiGPT could be installed from GitHub in minutes and used via a simple command line interface to generate convincing phishing emails, ransomware notes and working attack scripts, enabling even low skilled individuals, referred to informally as “script kiddies”, to launch sophisticated campaigns. With hundreds of users coordinating via Telegram, the tool illustrated how freely available offensive AI was compressing attack cycles and eroding traditional warning signs such as poor grammar, reinforcing the need for AI aware email filtering, anomaly detection and broader defensive controls.
Real estate finance and tech vendor SitusAMC disclosed a cyber attack that may have exposed customer data from several leading US banks, including JPMorgan, Morgan Stanley and Citi, as well as other top‑tier institutions. The firm, which processes mortgage payments and manages real estate loan data for many of the top 20 US banks, reported that corporate accounting records, legal agreements and some client customer details were accessed, although no encrypting malware was involved. The incident currently remains under FBI investigation.
Members should keep their eyes peeled as we will be launching our 2026 events and activity in the coming weeks.

Sign up for the CCUK Fraud Summit 2026
We are excited to announce the return of our highly anticipated Fraud Summit 2026, bringing together the industry’s most authoritative voices. CCUK is currently looking for sponsors for the event, and has a range of sponsorship packages.
Join CCUK on Wednesday 15th April 2026 at One Birdcage Walk in London for our second annual summit. We’ve built on the success of last year to create an even more powerful, insightful agenda focused on actionable intelligence and collaborative solutions.
This is your opportunity to gain unparalleled access to the decision-makers and experts who are shaping the UK’s response to security threats.
This year’s programme will feature an elite lineup of speakers from every critical sector, ensuring you get a 360-degree view of the fraud landscape. Connect with industry peers and key stakeholders in a focused, professional setting.
CBN members get discounted tickets, secure yours here.
Would you like to raise your company profile by being the event’s supporter? Check our sponsorship pack here and contact team@commscouncil.uk for more information.
Membership to CBN is free for all cybersecurity organisations. If you are interested to hear more about CBN or want to become a member, then please reach out to secretariat@cb-network.org for more info.
This month, we take a look at the Government’s new Industrial Strategy, Cyber Growth Action Plan, and a raft of other public and private sector announcements.
Government published Modern Industrial Strategy
Last month, the Department for Business and Trade (DBT) unveiled its long-awaited Modern Industrial Strategy, a ten-year plan to increase economic growth and foreign direct investment in the UK, which focuses on eight growth-driving sectors.
The strategy has a strong focus on cybersecurity, with Chapter 3.3 of the Digital and Technology Plan dedicated solely to cyber. Viewed as a driver of growth and security, the plan states that the Government will aim to attract investors and support innovation across cyber skills, R&D, infrastructure, regulation and international partnerships; this is also supported by the billions in extra funding awarded to the Department for Science, Innovation and Technology (DSIT) in the recent Spending Review.
Key commitments include:
Separately, the Government has also recently published the 10-Year Infrastructure Strategy, which pledged at least £725 billion in public funding over the next decade to update the UK’s economic and social infrastructure.
Further, they also released the National Security Strategy (NSS). Recognising that our reliance on digital infrastructure could increase vulnerabilities to cyber attacks, the strategy outlined the Government’s commitments to improving national security. Most notably, it announced that a dedicated National Cyber Strategy will be published later this year to outline the Government’s approach to cybersecurity resilience, alongside a further Resilience Strategy targeting a broader range of risks and the upcoming Cyber Security and Resilience Bill, expected later this year.
If you have any questions regarding the Government’s work in this area, please contact us at secretariat@cb-network.org.
Cyber Growth Action Plan 2025
The government published the terms of reference for a new Cyber Growth Plan, which will identify possibilities for growth in the UK’s cyber sector. Led by Bristol University and Imperial College London, the recommendations are expected to be published “later this summer”.
Specifically, the review will cover the supply and demand of cyber goods and services, such as protective monitoring and encryption, identifying potential areas to capitalise on as well as explore the possibilities associated with AI and quantum. The Plan will feed into the forthcoming National Cyber Strategy.

Why Cybersecurity Needs Storytellers
How comms can combat misinformation and build trust
Liva Emmatty, our Communications Lead here at CBN, writes about how cybersecurity is as much about people and trust as it is about technology. With social media now the main news source for over half the global population, the spread of misinformation can leave organisations exposed to confusion and reputational harm.
Communications professionals in cybersecurity have a crucial role in busting common myths, simplifying technical concepts through relatable storytelling, and engaging with policymakers to ensure cyber policy reflects real-world challenges, and can help organisations prepare for crises by monitoring misinformation and responding quickly and clearly.
Interested in learning more about how you can benefit from communications support? Reach out to the CBN secretariat at secretariat@cb-network.org
News Updates
UK and Canada commit to cybersecurity cooperation
The UK and Canada have agreed to increase collaboration on cybersecurity as part of their broader partnership. This includes joint efforts to counter malicious cyber activity, information manipulation, and digital transnational repression.
The countries are launching the Joint Canada-UK Common Good Cyber Fund, with $5.7 million (£ ) in initial funding, to support civil society organizations at high risk from digital threats. Both countries will also work together to develop secure communications products, advance cryptography, and start new research partnerships to address gaps in AI security and improve AI models for national security purposes.
Ministerial comment on cyber and undersea cable threats
The Parliamentary Under-Secretary of State for Defence, Luke Pollard, said during a National Security Strategy Committee inquiry session that the Submarine Telegraph Act 1885, which imposes fines of up to £1,000 for cable sabotage, is somewhat “out of step” with modern-day risk, and the government may look to update the legislation in coming years.
Telecommunications Minister Chris Bryant explained that while current laws are functional for peacetime, there is a gap in how the UK addresses “grey zone threats”. He explained that the government is looking at creating a defence readiness bill in future, as noted in the recent Strategic Defence Review.
Threats to undersea cables pose a significant risk to the UK cyber industry by jeopardising the secure and reliable flow of data that underpins its operations and services. This session was part of a larger inquiry into the security of the UK’s undersea cables, which is set to be published later this year.
Parliamentary report on Iranian cyber threats
A report from Parliament’s Joint Intelligence and Security Committee has warned that Iran poses a significant and persistent cyber threat to the UK, on a par with those from Russia and China.
The report, which is based on classified intelligence and expert interviews, highlighted the damage caused by Iranian cyber attacks targeting UK companies, as well as ongoing efforts by the Islamic Revolutionary Guard Corps (IRGC) to conduct hostile operations within the UK. It also outlines the various measures the UK has taken to respond, including “offensive cyber” and to address “cyber espionage”.
Parliamentary questions
This month, members raised questions around ensuring the resilience of 6G infrastructure against cyber threats, the investigation into recent cyber attacks on Marks and Spencer and the support of high street retailers against these attacks. A member also asked about the safeguarding of air traffic control from cyber threats. Finally, a member from the House of Lords raised a question on public cybersecurity vacancies and contracting.
NCSC updates
Cyber security investment drives growth but threat landscape intensifies
UK businesses are generating an estimated £27bn in additional annual revenue from investing in cyber security, according to research by ESET, a global cyber security provider. The data shows that 53% of UK firms report increased turnover linked to cyber investment, with 70% of those attributing growth to winning new business due to strong cyber credentials.
44% of firms reported that robust cyber security has enabled them to take more risks, such as entering new markets or adopting new technologies. However, the retail and public sectors remain frequent targets. ESET also found that 53% of UK firms have suffered at least one cyber attack, and that cyber crime has cost UK businesses £63bn in the past three years.
It was further reported that 77% of firms plan to increase their cyber security budgets as they increasingly see digital resilience as a commercial asset rather than just risk mitigation. Despite this, only 12% fully outsource their cyber operations, and 69% have experienced ransomware breaches.
Four arrested over cyber-attacks on M&S, Co-op and Harrods
The National Crime Agency (NCA) said two 19-year-old men, a 17-year-old boy and a 20-year-old woman had been apprehended on suspicion of breaching the Computer Misuse Act, blackmail, money laundering and joining the activities of organised crime.
The Cybersecurity Business Network is a coalition of leading UK-based organisations committed to strengthening the nation’s cyber resilience, fostering innovation and supporting economic growth. Through collaboration and knowledge sharing, we empower our members to drive growth and set standards for excellence across the UK cyber sector.
As a member-led network, our ambition is to serve as the unified voice of the UK cyber industry, championing its interests, amplifying its potential, advocating for greater engagement and support from government, media, and the wider business community.
Membership to CBN is free for all cybersecurity organisations. If you are interested to hear more about CBN or want to become a member, then please reach out to secretariat@cb-network.org for more info.
Founded by Clarity

Global digital marketing and communications agency, providing fearless marketing and consultancy to the world’s most progressive companies.
We match data-driven science with human ingenuity to expand our full-funnel, specialist services and expertise. Our vision is to accelerate positive change and impact across the world. A firm believer in cybersecurity as an enabler of growth and resilience, we are proud to be driving its prosperous impact forward. Get in touch with secretariat@cb-network.org to understand more on how Clarity can enhance reputation, create impact, and drive growth in your organisations.
Our monthly update to bring you the relevant, high-level policy and business news from across the cyber sector.
This month, we provide an update on two significant announcements from the UK government, an insights piece from our CBN comms lead, and our usual policy and business news.
If you have any questions about the content, or believe we should add to our coverage, please do not hesitate to get in touch.
Headline News
Global Cybersecurity Outlook 2025
The World Economic Forum (WEF) has published its annual Global Cybersecurity Outlook report, which highlights the complexity of the cybersecurity landscape. With that complexity intensified by geopolitical tensions, emerging technologies, interdependencies and cybercrime sophistication, governments, organisations and individuals are being challenged to adapt and innovate in order to ensure our continued security.
Please see below for a longer analysis.
Risk facing UK “widely underestimated”
The National Cyber Security Centre (NCSC) published its Annual Review 2024, drawing out key aspects and learnings from the agency’s work over the past year across four chapters – cyber threats; cyber resilience; the cyber market ecosystem; and future cyber technologies.
Notably, it highlights geopolitics and the continuing cyber threat of nation-state actors – particularly China and Russia – against the UK’s critical national infrastructure (CNI), a point which was emphasised further by CEO Richard Horne in his first major speech.
Launching the Review, Horne cautioned that cyber risks facing the nation from nation state actors are “widely underestimated”, and the UK is engaged in a “contest for cyberspace” with those seeking to use our “technology dependence” to disrupt daily life. The report indicated that there has been a sizable increase in the number of incidents handled by the organisation in the 12 months up to August 2024, with ransomware being the most pervasive threat.
UK: AI Opportunities Action Plan
The UK Government has published its “AI Opportunities Action Plan”, which lays out how it intends to employ artificial intelligence (AI) to boost economic growth and deliver more efficient public services, and is described as a “cornerstone” of the Government’s Plan for Change.
Identifying three overarching goals, the Plan is broken down into 50 recommendations which give further detail and approximate timelines for when each will be implemented. Overall, the Plan takes a bold approach to AI, with the “safety” and “guardrails” approach from previous Prime Minister Sunak seemingly left behind. Interestingly, cyber (security) does not feature heavily, instead only mentioned briefly in terms of increasing talent and skills, as well as the potential for regulation to actually drive innovation, rather than hinder it.
If you have any questions about what these updates mean for the cyber sector or your business, or would like to engage with the Industrial Strategy consultation, please get in contact with us at secretariat@cb-network.org.

Enhancing communication between security and business leaders
Written by Marco Bresciani, Cyber Risk Enthusiast and CBN Board Member
How can cybersecurity professionals bridge the gap between technical risks and business priorities?
Communicating cybersecurity risks effectively to executives requires more than just technical knowledge – it needs data-driven, actionable insights.
Cyber risk quantification (CRQ) bridges this gap by offering an objective way to assess and communicate cyber exposure, enabling better decision-making and risk prioritisation. Frameworks like Open FAIR provide structured approaches, but challenges such as complexity, manual processes and static data have hindered adoption.
Early adopters show that success comes from aligning CRQ with business needs, leveraging available data and automating processes for efficiency. CRQ is now maturing into a vital tool for informed cybersecurity investment and risk management, proving that innovation thrives where determination exists.
Read the full article from CBN Board Member Marco Bresciani, who delves into the evolving role of CRQ and its potential to revolutionise cybersecurity communication.
News Updates
CMA reform gains traction in the House of Lords
Lord Holmes of Richmond, supported by Lord Clement-Jones, tabled an amendment relating to the Computer Misuse Act (CMA) during the Lords Committee stage (day 4) debate of the Data (Use and Access) Bill.
The amendment would have afforded a legal defence for legitimate cybersecurity activities, serving to provide stronger legal protections for cybersecurity researchers and professionals engaged in threat intelligence research, updating provisions made in 1990 by the CMA. As noted by Lord Arbuthnot of Edrom, these amendments come in the context of the long-standing CyberUp campaign. The Lords urged the Government that the update is necessary for the UK to avoid falling further behind advancements in emerging technology, such as AI.
The Minister, Baroness Jones of Whitchurch, acknowledged the importance of having the correct legal framework to protect legitimate cybersecurity activities, and that the Government is committed to ensuring the CMA is updated, with the issue being investigated by the Home Office, as well as the NCSC and law enforcement agencies.
The amendments were withdrawn.
Regional skills projects to bolster UK cyber defences
The Government has announced £1.9m in new private and government funding for 30 projects, delivered by local organisations, which will be targeted at boosting the UK’s cyber resilience by plugging skills gaps.
First announced at a global cyber security meeting convened by the UK in September, these projects – delivered by organisations such as universities, local community groups and businesses – will tap into local “know-how” and partnerships to support initiatives which meet the needs of individual areas. The projects include programmes to upskill workers and improve diversity in the talent pipeline, ultimately serving to bolster the cyber workforce, drive growth, and improve economic and cyber security.
Reaction system activated to track undersea infrastructure threats
Following reported damage to an undersea cable in the Baltic Sea, the UK and allies have launched a new UK-led reaction system to track potential threats to undersea infrastructure and monitor the Russian shadow fleet via the Joint Expeditionary Force (JEF).
Second UK-EU Cyber Dialogue takes place in London
The second Cyber Dialogue between the EU and UK took place in London in December, during which representatives discussed respective approaches to cyber resilience; deterrence strategies; countering cybercrime; the Pall Mall Process; cyber skills; and cyber capacity building.
The next dialogue will take place in Brussels in 2025.
UK and Norway join forces to counter eavesdropping
The UK and Norwegian governments announced an agreement to collaborate more closely on research and development of technical security, to detect and expose eavesdropping devices.
Under this agreement, the two nations aim to bolster their collective resilience against threats from hostile states.
NCSC updates
Global Cybersecurity Outlook 2025
The World Economic Forum (WEF) has published its annual Global Cybersecurity Outlook report, which highlights the complexity of the cybersecurity landscape. With that complexity intensified by geopolitical tensions, emerging technologies, interdependencies and cybercrime sophistication, governments, organisations and individuals are being challenged to adapt and innovate in order to ensure our continued security.
Notably, the report marks a stark disparity between large and small organisations in terms of security capabilities – a trend which is reflected between the global north against the global south, and private versus public sector.
Looking ahead to 2025, the report predicts that the world is entering an “unprecedented” era of complexity – with both national and international companies facing overlapping, increasing regulatory requirements and greater dependence upon potentially insecure supply chains.
It presents an “AI-cyber paradox”: threat actors employ new technologies to widen the threat and potentially disrupt human safety, while cyber defenders race to employ the same technologies to strengthen barriers against such attacks. Future technologies such as quantum computing offer “unprecedented” opportunities to accelerate security – and risk.
The report concludes by highlighting that it is crucial for leaders to understand the cumulative impacts of this complexity on both organisational and national cybersecurity – and that the financial implications of a lack of cybersecurity measures should far outweigh the cost of implementing the measures.
Cyber in the headlines: state-affiliated threats dominate landscape
Against the backdrop of rising geopolitical tensions, reports highlighting the ever-increasing rate of cyberattacks – particularly from state-affiliated groups – have dominated sector headlines.
A report from Cyfirma focused on the sharp increase in frequency and severity of attacks from Russian-affiliated groups such as Sandworm and APT29 over the course of 2024, targeting key areas in the UK and NATO allies such as critical infrastructure, governmental and defence organisations, and supply chains.
At the same time, reports that the Chinese state-affiliated Salt Typhoon hacker group carried out a series of high-profile attacks against US-based telecommunications companies have highlighted the possibility of similar attacks against UK equivalents.
The NCC Group’s analysis of cyber threats in the UK highlighted a rise in ransomware attacks which featured a “blurring of lines between criminal and state-sponsored activity”, making way for more “sophisticated” attacks from a range of actors. Over three-quarters of attacks affected organisations in Europe and North America, particularly against “industrials” sectors, with Akira acting as the most active threat and new ransomware strain Ymir emerging as a dominant player.
News of rising threats – or indeed from state-affiliated actors – may be nothing new, but recent reports taken together have indicated a refreshed awareness which we can expect to continue throughout this year; this is reflected by the NCSC’s Annual Review, and by the WEF’s Cybersecurity Outlook.
Industry Event | GovTech Show and Exhibition 2025: Public Sector Innovation and Transformation
The Royal Society of Medicine, London
19th March 2025, 9am – 5pm
CBN is delighted to offer our members an exclusive opportunity to join the Institute of Government & Public Policy for their upcoming GovTech and Exhibitor 2025 event.
In collaboration with Socitm, the Society for Innovation, Technology and Modernisation, the event will reimagine how the public sector operates and serves citizens. It will tackle the barriers and challenges of transforming public services to meet demand head-on, and attendees will walk away with actionable insights on harnessing efficient, secure, and sustainable technology to deliver cost-effective, citizen-centric services.
Join IGPP in central London for an immersive journey where public sector professionals, policymakers, and the brightest minds in industry converge to explore the technological possibilities shaping the future of the UK public sector.
CBN is able to offer 20 exclusive free places to our members. If you are interested, register your place with sign up code: CLARITY100.
Our new mission is to bring together cybersecurity companies to network, learn and debate across three key pillars — trade and export, policy, and market insights. Our members will be enabled to promote their cybersecurity expertise and capabilities, strategically engage with key stakeholders and develop lasting relationships in key verticals, in a wider effort to influence government policy and promote innovation in the sector.
The strategic direction of CBN is shaped by our Membership who benefit from increased brand exposure and engagement opportunities with key stakeholders in the cyber space, other key sector verticals, media, government and regulators.
UK hosts NATO Cyber Defence Conference
On 25th November, the UK’s Chancellor of the Duchy of Lancaster, Pat McFadden, addressed the second ever NATO Cyber Defence Conference at Lancaster House to highlight the threat of Russian aggression in cyberspace and announce the launch of a new security research lab.
McFadden said NATO members need to work together to strengthen their collective cybersecurity, and must “not underestimate” the threat Moscow – and other adversaries including Iran, North Korea, and China – poses in a “hidden war”, consistently targeting critical national infrastructure. He highlighted that, after 75 years, Western allies “need NATO more than ever”.
Further, the Chancellor, who oversees all national security and resilience for the UK, unveiled a new Laboratory for AI Security Research (LASR), in recognition that AI is “revolutionising” national security. The Lab, which has been set up in partnership between the UK Government, academia and the private sector, will also seek collaboration with allies including NATO and Five Eyes nations to help create better defence tools and organise intelligence.
Separately, NCSC CEO Richard Horne is expected to make his first major speech today (3rd December 2024) since starting the role in October to highlight that hostile activity in UK cyberspace has increased in “frequency, sophistication and intensity” from nation-state actors, including Russia and China, who want to cause maximum disruption. His speech also launches the NCSC’s eighth Annual Review, released today.
Chancellor calls out fraud in Mansion House speech
Rachel Reeves delivered her first Mansion House speech as Chancellor of the Exchequer on 14th November to unveil a strategy for driving economic growth, boosting private investment, and reforming financial services. Overall, her speech was centred on public investment, addressing domestic challenges, and enhancing the UK’s role in finance.
Notably, she also called on technology and telecommunications companies to go further in addressing fraud, alongside law enforcement and coordinated efforts across sectors, ahead of the upcoming fraud strategy expected in spring 2025.

The other frontline: UK Government recognition of cyber threats
Shortly after the Labour party came to power, the new Secretary of State for Science, Innovation and Technology Peter Kyle warned that Britain is “desperately exposed” to cyber threats and pushed for the new Cyber Security and Resilience (CSR) Bill to replace a previously expected AI Bill, in order to prioritise national security amid warnings from the NCSC of rising attacks on critical national infrastructure (CNI) organisations.
Fast forward a few months down the line and NCSC Head Richard Horne has cautioned that cyber risks facing the nation, particularly from nation-state actors including Russia and China, are “widely underestimated”. He went on to say that the UK “must improve” the defence and resilience of CNI, supply chains, the public sector and the wider economy.
Horne’s speech follows the message from Pat McFadden, Chancellor of the Duchy of Lancaster who, last week, highlighted the importance of international cooperation on cybersecurity at the NATO Cyber Defence Conference, and announced the launch of a new Laboratory for AI Security Research (LASR). In his speech, McFadden noted that the war in Ukraine “is also raging on another frontline, in cyberspace.”
Taken alongside the recent designation of data centres as CNI and a potential commitment to reform the Computer Misuse Act (CMA), it would seem that the UK government has a high regard for and strong focus on cyber. However, this recognition is clearly not enough, as recent high-profile attacks on NHS hospitals and Transport for London (TfL) publicly highlight the fragility of our networks, and reports on the vulnerability of SMEs crop up frequently.
As noted by the Times, there is “only so much the government can do”, particularly given the vulnerability of supply chains, yet it still bears the primary responsibility for our national security.
So outside of legislation, what is the role of government in shoring up the defences of UK businesses? How could it better capitalise on the potential of the British cyber ecosystem – is innovation and investment really prioritised, and is the procurement process fit for purpose?
CBN plans to look at these questions – and more – in 2025. We always welcome input from our members, so please get in touch with any thoughts!
If you have questions about how you can better communicate your services, ongoing media trend analysis or wish to engage with government affairs, please get in touch with the CBN team.
Policy and political
4th Republic of Korea-UK Cyber Dialogue held in London
The UK hosted the fourth Cyber Dialogue with the Republic of Korea, during which the two countries discussed a wide range of issues including threat deterrence strategies, private sector collaboration, cyber skills, and international cooperation.
NCSC updates
Business and industry
New UKRI-funded network to bolster UK’s cyber security research ecosystem
The Cyber Security Research and Networking Environment (CRANE) NetworkPlus, established by Oxford University’s Computer Science Department, has been awarded a £6 million investment from the UKRI Engineering and Physical Sciences Research Council (EPSRC).
Launching in 2025, the initiative aims to drive better cyber security across the economy and make businesses, charities, communities, and people more resilient against cyber threats.
UK retailers exposed to email fraud ahead of Black Friday
New research from cyber company Proofpoint reveals that 40% of top UK online retailers are not fully protecting customers from email fraud, leaving them vulnerable during the pre-festive shopping period.
The study found that only 60% of retailers have implemented Domain-based Message Authentication, Reporting and Conformance (DMARC) protection – an email authentication protocol designed to block fraudulent emails. While this is a slight improvement from 2023, many retailers still lack adequate security.
Amid holiday sales, the report urges consumers to use multi-factor authentication, avoid suspicious websites and verify deals to stay safe from phishing and fraud.
This report is based only on data collected by Proofpoint.
Headline News
UK political update: the Budget and a “modern” Industrial Strategy
On Wednesday, 30th October, Chancellor Rachel Reeves presented the new Labour Government’s first annual Budget. With a reportedly dismal economic outlook yet a manifesto promise to bring growth, the Chancellor changed borrowing rules and increased the overall tax burden on the country by £40bn in order to increase investment in key sectors and public services.
Skirting around the controversy over whether Labour broke its election manifesto commitment, the Chancellor continued the Government’s messaging of boosting growth and productivity and utilising innovative tech – especially in health, energy, defence and digital.
Notably, the Strategic Defence Review (SDR) was mentioned, in which the Government is considering cyber and digital “as a next step” as they develop their plans in this area. Other than defence, cyber was only mentioned in terms of improving the security of the NHS.
Ahead of the Budget, the Government had launched its “modern” Industrial Strategy and associated consultation, aiming to streamline funding into eight key sectors – manufacturing; clean energy; creative industries; defence; digital and technologies; financial services; life sciences; and professional and business services – in an aim to address challenges via a “cross-cutting” and “pro-business” approach.
While cyber is not mentioned in the Industrial Strategy, the consultation nonetheless plans to “focus on a range of technologies and their commercialisation, with a portfolio approach that backs smaller, less proven, and more disruptive businesses alongside larger, well-established businesses in existing sectors” under the context of investing in digital technologies, which presents a key opportunity for the sector to engage and raise its profile within government.
If you have any questions about what these updates mean for the cyber sector or your business, please get in contact with us at secretariat@cb-network.org.

Enhancing supply chain cybersecurity: positive storytelling and clear communication
Recent disruptions caused by global IT outages have shed light on how a lack of IT supply chain diversification fundamentally undermines resilience by concentrating risk. Over the last few months, many organisations have been considering the makeup of their supply chains, and the strength of their incident management and response plans, accordingly.
In a key insights article, CBN Communications Lead, Liva Emmatty, outlines the communication challenges faced by cybersecurity leaders and organisations in this context, and the value that powerful storytelling and clear communications can bring to cyber firms looking to boost reputations when trust is low.
If you have questions about how you can better communicate your services to customers or wish to speak to government about future solutions, please get in touch with the CBN team.
Building partnerships to protect the UK from cyber crime
In a speech to the PREDICT 2024 Conference, Home Office Security Minister Dan Jarvis said that “cyber security is national security” and highlighted how national security is the “foundation” for the Government to achieve its five missions.
He went on to say that the Government is considering reviewing the Computer Misuse Act (CMA) and, in light of the spending review, is reviewing several policy areas to enable and enhance security.
Five Eyes launch shared security advice campaign for tech startups
Cybersecurity guidance designed for technology companies, Secure Innovation, has been launched across Five Eyes nations, in an effort to protect the sector from national security threats, particularly originating from other nation states.
Originally a UK-only initiative from the National Cyber Security Centre (a part of GCHQ) and National Protective Security Authority (NPSA), tailored guidance is now available in Australia, Canada, New Zealand, the UK and the US.
The guidance helps companies to create a cost-effective, bespoke action plan which supports them to assess their levels of secure innovation and identify any necessary actions they need to take to protect their business.
G7 Cyber Expert Group recommends action to combat cyber risks from quantum
The G7 Cyber Expert Group (CEG) – chaired by the U.S. Department of the Treasury and the Bank of England – has recommended that organisations have regard for the initial set of quantum-resilient encryption standards released by the National Institute of Standards and Technology (NIST) and work to build resilience, particularly in sectors which hold highly sensitive information, such as the financial sector.
Cyber Essentials 10 years on
In a speech at the 10-year anniversary event for the Cyber Essentials scheme, DSIT’s Cyber Minister Feryal Clark highlighted the impact of Cyber Essentials for UK businesses, which is detailed in a new impact evaluation.
Further, she announced a new joint statement from DSIT, the NCSC, and the UK’s largest banks and building societies which aims to raise the levels of cyber security in critical national supply chains by exploring ways to expand the role of Cyber Essentials within their supplier assurance processes.
NCSC updates
Businesses struggle to manage supply chain cyber risk
Businesses are facing a growing challenge in managing supply chain cyber risks, according to the fifth annual State of Supply Chain Defense report from cyber defence company BlueVoyant.
Despite 95% experiencing incidents in the last year, over half don’t regularly assess vendors for cybersecurity issues, and a third have no way of knowing when an incident occurs. This largely stems from a lack of resources and expertise, even though budgets for third-party cyber-risk management have increased.
Further, prioritisation of third-party cybersecurity risk management has decreased; key challenges include understanding how to penalise non-compliant vendors, meeting regulatory requirements, and ensuring compliance. On the other hand, UK businesses are more proactive than their global counterparts in briefing senior management on these risks, indicating an awareness of the issue at the highest levels.
If you want to learn more about supply chain cybersecurity resilience, check out CBN’s recent webinar for more insights from cyber leaders.
Bridging the gaps to cyber resilience
Significant gaps exist between perceptions of cyber resilience among top security executives and C-suite leadership, according to the 2025 Global Digital Trust Insights report from PwC.
Based on a survey of more than 4,000 business and technology executives across 77 countries, over two-thirds of technology leaders see cybersecurity as their top risk for mitigation – compared with less than half of business leaders. Despite this, CISOs are less likely to be involved in strategic planning, leading to a gap between CISOs and top C-suite executives over the company’s ability to comply with regulations, particularly those involving AI and critical infrastructure.
The report goes on to recommend that, in order to better communicate the need for cyber resilience, CISOs “share tech-enabled insights” and explain cyber priorities in business terms (cost, opportunity, risk).
Global threat report indicates increase in CNI cyberattacks
Cyber attacks on key critical national infrastructure (CNI) and supply chains continue to increase across the globe, according to data in BlackBerry’s Q2 Global Threat Intelligence report.
Notably, the period of April – June 2024 saw “one of the highest” quarterly percentage increases in unique malware samples per day since their reporting began. The United States received the highest number of attempted attacks, followed by Japan, South Korea, Australia and Canada. The report does not go into detail on why these countries received the most attacks and, although it mentions that the attacks came from both state and non-state actors, it does not clarify further.
While organisations are implementing measures like data encryption, fewer than half verify their suppliers’ cybersecurity compliance. The report stresses the urgent need for improved visibility and monitoring of software supply chains to reduce vulnerabilities.
To note, this report is based only on data collected by BlackBerry in its internal systems.
Our new mission is to bring together cybersecurity companies to network, learn and debate across three key pillars — trade and export, policy, and market insights. Our members will be enabled to promote their cybersecurity expertise and capabilities, strategically engage with key stakeholders and develop lasting relationships in key verticals, in a wider effort to influence government policy and promote innovation in the sector.
The strategic direction of CBN is shaped by our Membership who benefit from increased brand exposure and engagement opportunities with key stakeholders in the cyber space, other key sector verticals, media, government and regulators.
Membership of CBN is free for all cybersecurity organisations. If you are interested in hearing more about CBN or want to become a member, please reach out to secretariat@cb-network.org for more info.
Founded by Clarity

Global digital marketing and communications agency, providing fearless marketing and consultancy to the world’s most progressive companies.
We match data-driven science with human ingenuity to expand our full-funnel, specialist services and expertise. Our vision is to accelerate positive change and impact across the world. A firm believer in cybersecurity as an enabler of growth and resilience, we are proud to be driving its prosperous impact forward. Get in touch with secretariat@cb-network.org to understand more on how Clarity can enhance reputation, create impact, and drive growth in your organisation.
Our monthly update to bring you the relevant, high-level policy and business news from across the cyber sector.
This month, we provide an update on the new Labour government’s priorities, and highlight what the CrowdStrike incident could mean for cyber businesses.
If you have any questions about the content, or believe we should add to our coverage, please do not hesitate to get in touch.
Headline news
New government sets out priorities
The Labour Party swept into power on 5th July, winning a near-historic 411* seats, while the Conservative share collapsed for its worst-ever result. Over the past weeks, Keir Starmer’s government has wasted no time in setting a new tone for the country; however, while the cyber sector has largely welcomed the new government’s focus on cyber security and national resilience, its impact is largely yet to be felt as Parliament breaks for recess, returning on 2nd September.
King’s Speech: legislative priorities
In July, King Charles addressed the nation during the State Opening of Parliament, to set out the Government’s policy priorities and legislative programme for the coming year. In line with previous promises, Prime Minister Keir Starmer placed a primary focus on driving economic growth.
With 40 new(ish) bills, it is an ambitious programme which promises to “take the brakes off” the economy and reaffirm financial stability. Measures include boosting construction, reforming energy production, re-nationalising the railways, developing UK skills, and increasing and improving the use of data and digital technologies in the economy.
Chancellor’s financial statement
On 29th July, Chancellor Rachel Reeves declared a £22bn “hole” in the country’s finances. Although disputed by former Chancellor Jeremy Hunt, Reeves has been backed up by the Office for Budget Responsibility (OBR), which has formally launched a review of the Spring Budget forecasts.
Reeves then announced a number of areas where the government intends to save money – including selling off “surplus” government property, a reduction in the use of external consultants in Whitehall and a pause on certain infrastructure projects. Tax rises are now expected in the October 30th Budget, alongside the outcome of a formal spending review for 2025-2026.
A cyber lens
Notably, a Cyber Security and Resilience (CS&R) Bill will be introduced to ensure the security of critical infrastructure and digital services, building on the Security of Network & Information Systems Regulations (NIS Regulations) 2018. DSIT Minister Feryal Clark also recently said that the CS&R Bill will be designed to strengthen the UK’s defences and ensure the services – private and public – that companies rely on are protected.
Further, Science, Innovation and Technology Secretary Peter Kyle said that national resilience – particularly in relation to cyber security – “suffered terribly” under the Conservatives due to division within the party. He claimed that he only became aware of the significance of the threat upon taking office, but concern led him to “put forward a request” for the new CS&R Bill, which had “national security priority”.
Separately, the Government has launched a “root and branch” Strategic Defence Review which, led by three external experts, will consider the threats Britain faces, the capabilities (including digital and cyber) needed to meet them, the state of UK armed forces and the resources available. The Review is expected to be delivered “at pace”, with submissions invited until the end of September and the report delivered in the first half of 2025.
*Now 404 following the temporary suspension of seven MPs
If you have any questions about what the election and policy developments mean for the cyber sector or your business, please get in contact with us at secretariat@cb-network.org.

How resilient is our global IT infrastructure?
On Friday, 19th July, 8.5 million Microsoft Windows computers around the world crashed, causing chaos and disruption for businesses and services including airlines, banks and hospitals.
While cyber security firm CrowdStrike quickly confirmed the outage was caused by a defective software update for its Windows hosts and worked to resolve the issue, the incident nonetheless called attention to the precariousness of IT infrastructure – and what could happen if an attack was carried out by malicious actors, as was then seen last week with the Microsoft Azure DDoS attack and subsequent software failure.
Businesses across the world are now asking themselves two questions. Firstly, what is their place within the global supply chain, and how strong are their incident management and response plans, as highlighted by the NCSC? And secondly, how can they prevent future incidents from affecting them?
Although some companies may look to bring their IT security functions in-house, this is not an option for all organisations, some of which may instead start seeking to diversify their suppliers of software and other security applications.
In light of the government’s upcoming CS&R Bill, the sector will be watching closely for strategic direction from officials on how they will look to improve resilience and “insulate” society and the economy from future attacks.
At the same time, the cyber sector as a whole has the responsibility and opportunity to not only highlight the importance of having a robust cyber resilience programme, but also to ask questions about the concentration of risk – given 62% of the global external attack surface is covered by 15 companies – and the long-term viability of this landscape.
In light of this, keep an eye out for an upcoming CBN webinar which will bring together policymakers and key supply chain sector leaders to provide insights for members on what this means for the sector, and how we can make improvements going forward.
If you have questions about how you can better communicate your services to customers or wish to speak to government about future solutions, please get in touch with the CBN team at secretariat@cb-network.org.
News & Updates
Policy and political
Government extends call for views on the Cyber Security of AI
Originally published in May, before the General Election, the closing date for the government’s call for views on the Cyber Security of AI has been extended to this Friday, 9th August.
The call for views sets out specific interventions to help secure AI, so that the benefits of AI can be realised, and asks for input as to whether industry would support the government creating a global standard for AI cyber security. To note, a “call for views” is often an initial information-gathering exercise which will go on to determine formal proposals and policy.
If you have any questions about responding to this or other government consultations, please get in touch with the CBN team.
G7 countries to establish operational tech cybersecurity framework
In a statement following a summit in Italy, the Group of Seven (G7) countries acknowledged the rising cyber threat to critical infrastructure, particularly energy, and agreed to “explore avenues towards establishing mutual recognition of schemes for reliable cyber-safe products.”
The potential collective framework would apply to both manufacturers and operators, as the statement signals an intention to incentivise tech companies to build more secure Internet of Things (IoT) products. This move was in conjunction with the United States’ recent Supply Chain Cybersecurity Principles, as indicated by a statement from the White House national security advisor.
UK statement at the UN Security Council
UK Permanent Representative to the UN, Ambassador Barbara Woodward, gave a statement at the UN Security Council regarding the importance of addressing cyber threats in protecting global security. She highlighted four “trends” – the prevalence of ransomware, expansion of artificial intelligence, malicious activities on the global stage, and the risk of disinformation – going on to indicate the UK’s work in this area.
NCSC updates
Business and industry
ICO officially “reprimands” Electoral Commission
The Electoral Commission, which oversees UK elections, has been formally reprimanded by the Information Commissioner’s Office (ICO) over the security lapse which left millions of UK voters’ personal details “vulnerable to hackers”.
Following the 2021 breach, hackers had access to the Electoral Register for just over a year, until they were detected and “booted out” in 2022. The ICO’s investigation found the Electoral Commission did not have appropriate security measures – including secure passwords and up-to-date patches – in place to protect the personal information it held, which led to the breach.
UK faces significant cyber funding and skills gap
A new report, Underfunded and Under Reported: Threats, Breaches, and Budgets, reveals that CISOs face significant problems from a lack of funding, exacerbated by a lack of talent, tools, and time. Notably, 83% of respondents feel their organisation has a gap in its cyber skills, yet they struggle to access adequate talent.
NCA leads international operation to crack down on unlicensed pen testing
The National Crime Agency (NCA) worked with international partners to coordinate global action against unlicensed versions of Cobalt Strike.
CyberThreat 2024
The NCSC and SANS Institute announced that CyberThreat 2024, an event designed for security practitioners with a strong technical emphasis, will take place on 9th-10th December.
Through proactive engagement, deep collaboration, and expert consultation, we convene leaders from across the cybersecurity industry.