never miss a thing
Sign Up to Hear about News and events
CBN Newsletter | December 2024
Our monthly update to bring you the relevant, high-level policy and business news from across the cyber sector.
This month, we provide an update on two significant announcements from the UK government, an insights piece from out CBN comms lead, and our usual policy and business news.
If you have any questions about the content, or believe we should add to our coverage, please do not hesitate to get in touch.
Headline News
UK hosts NATO Cyber Defence Conference
On 25th November, the UK’s Chancellor of the Duchy of Lancaster, Pat McFadden, addressed the second ever NATO Cyber Defence Conference at Lancaster House to highlight the threat of Russian aggression in cyberspace and announce the launch of a new security research lab.
McFadden said NATO members need to work together to strengthen their collective cybersecurity, and must “not underestimate” the threat Moscow – and other adversaries including Iran, North Korea, and China – poses in a “hidden war”, consistently targeting critical national infrastructure. He highlighted that, after 75 years, Western allies “need NATO more than ever”.
Further, the Chancellor, who oversees all national security and resilience for the UK, unveiled a new Laboratory for AI Security Research (LASR), in recognition that AI is “revolutionising” national security. The Lab, which has been set up in partnership between the UK Government, academia and the private sector, will also seek collaboration with allies including NATO and Five Eyes nations to help create better defence tools and organise intelligence.
Separately, NCSC CEO Richard Horne is expected to make is first major speech today (3rd December 2024) since starting the role in October to highlight that hostile activity in UK cyberspace has increased in “frequency, sophistication and intensity” from nation-state actors, including Russia and China, who want to cause maximum disruption. His speech also launches the NCSC’s eighth Annual Review, released today.
Chancellor calls out fraud in Mansion House speech
Rachel Reeves delivered her first Mansion House speech as Chancellor of the Exchequer on 14th November to unveil a strategy for driving economic growth, boosting private investment, and reforming financial services. Overall, her speech was centred on public investment, addressing domestic challenges, and enhancing the UK’s role in finance.
Notably, she also called on technology and telecommunications companies to go further in addressing fraud, alongside law enforcement and coordinated efforts across sectors, ahead of the upcoming fraud strategy expected in spring 2025.
If you have any questions about what these updates mean for the cyber sector or your business, or would like to engage with the Industrial Strategy consultation, please get in contact with us at secretariat@cb-network.org.
The other frontline: UK Government recognition of cyber threats
Shortly after the Labour party came to power, the new Secretary of State for Science, Innovation and Technology Peter Kyle warned that Britain is “desperately exposed” to cyber threats and pushed for the new Cyber Security and Resilience (CSR) Bill to replace a previously expected AI Bill, in order to prioritise national security amid warnings from the NCSC of rising attacks on critical national infrastructure (CNI) organisations.
Fast forward a few months down the line and NCSC Head Richard Horne has cautioned that cyber risks facing the nation, particularly from nation-state actors including Russia and China, are “widely underestimated”. He went on to say that the UK “must improve” the defence and resilience of CNI, supply chains, the public sector and the wider economy.
Horne’s speech follows the message from Pat McFadden, Chancellor of the Duchy of Lancaster who, last week, highlighted the importance of international cooperation on cybersecurity at the NATO Cyber Defence Conference, and announced the launch of a new Laboratory for AI Security Research (LASR). In his speech, McFadden noted that the war in Ukraine “is also raging on another frontline, in cyberspace.”
Taken alongside the recent designation of data centres as CNI and a potential commitment to reform the Computer Misuse Act (CMA) it would seem that the UK government has a high regard for and strong focus on cyber – however, this recognition is clearly not enough, as recent high-profile attacks on NHS hospitals and Transport for London (TfL) publicly highlight the fragility of our networks, and reports on the vulnerability of SMEs crop up frequently.
As noted by the Times, there is “only so much the government can do”, particularly given the vulnerability of supply chains, yet it still bears the primary responsibility for our national security.
So outside of legislation, what is the role of government in shoring up the defences of UK businesses? How could it better capitalise on the potential of the British cyber ecosystem – is innovation and investment really prioritised, and is the procurement process fit for purpose?
CBN plans to look at these questions – and more – in 2025. We always welcome input from our members, so please get in touch with any thoughts!
If you have questions about how you can better communicate your services, ongoing media trend analysis or wish to engage with government affairs, please get in touch with the CBN team.
News updates
Policy and political
4th Republic of Korea-UK Cyber Dialogue held in London
The UK hosted the fourth Cyber Dialogue with the Republic of Korea, during which the two countries discussed a wide range of issues including threat deterrence strategies, private sector collaboration, cyber skills, and international cooperation.
NCSC updates
- Cyber Security Toolkit for Boards: the NCSC has updated its Cyber Security Toolkit for Boards, now including a case study on the British Library’s ransomware attack that offers critical insights into cybersecurity vulnerabilities. The case study emphasises that senior management should be equipped with “cyber-risk awareness and expertise” to make informed strategic decisions that impact investment outcomes.
- UK and allies warn of rising zero-day attacks: the NCSC and international partners in Australia, Canada, New Zealand and the United States have reported a surge in cyber attackers exploiting zero-day vulnerabilities, with most of the top 15 vulnerabilities in 2023 targeted before fixes were available. Organisations are urged to apply patches promptly, manage vulnerabilities effectively, and adopt secure-by-design principles to reduce risks.
- Banishing malicious adverts: new guidance on digital advertising is designed to support businesses in choosing a “security-forward” partner, in order to increase public and commercial trust of the sector and allow businesses to protect revenue and reputation when advertising online.
- Black Friday cyber fraud warning: UK cyber and law enforcement agencies have launched a 2-step verification campaign as they urged shoppers to protect themselves against online scams.
Business and industry
New UKRI-funded network to bolster UK’s cyber security research ecosystem
The Cyber Security Research and Networking Environment (CRANE) NetworkPlus, established by Oxford University’s Computer Science Department, has been awarded a £6 million investment from the UKRI Engineering and Physical Sciences Research Council (EPSRC).
Launching in 2025, the initiative aims to drive better cyber security across the economy and make businesses, charities, communities, and people more resilient against cyber threats.
UK retailers exposed to email fraud ahead of Black Friday
New research from cyber company Proofpoint reveals that 40% of top UK online retailers are not fully protecting customers from email fraud, leaving them vulnerable during the pre-festive shopping period.
The study found that only 60% of retailers have implemented Domain-based Message Authentication, Reporting and Conformance (DMARC) protection – an email authentication protocol designed to block fraudulent emails. While this is a slight improvement from 2023, many retailers still lack adequate security.
Amid holiday sales, the report urges consumers to use multi-factor authentication, avoid suspicious websites and verify deals to stay safe from phishing and fraud.
This report is based only on data collected by Proofpoint.
About CBN
Our new mission is to bring together cybersecurity companies to network, learn and debate across three key pillars — trade and export, policy, and market insights. Our members will be enabled to promote their cybersecurity expertise and capabilities, strategically engage with key stakeholders and develop lasting relationships in key verticals, in a wider effort to influence government policy and promote innovation in the sector.
The strategic direction of CBN is shaped by our Membership who benefit from increased brand exposure and engagement opportunities with key stakeholders in the cyber space, other key sector verticals, media, government and regulators.
Membership to CBN is free for all cybersecurity organisations. If you are interested to hear more about CBN or want to become a member, then please reach out to secretariat@cb-network.org for more info.
Founded by Clarity
Global digital marketing and communications agency, providing fearless marketing and consultancy to the world’s most progressive companies.
We match data-driven science with human ingenuity to expand our full-funnel, specialist services and expertise. Our vision is to accelerate positive change and impact across the world. A firm believer of cybersecurity as an enabler of growth and resilience, we are proud to driving its prosperous impact forward. Get in touch with secretariat@cb-network.org to understand more on how Clarity can enhance reputation, create impact, and drive growth in your organisations.