never miss a thing
Sign Up to Hear about News and events
CBN Newsletter | December 2025
Our monthly update bringing you the relevant, high-level policy and business news from across the cyber sector.
This month, we take a look at our Inaugural Parliament & Cyber Conference, the Government’s Autumn budget, alongside a raft of other public and private sector announcements.
If you have any questions about the content, or believe we should add to our coverage, please do not hesitate to get in touch.
Headlines
Security Minister speaks at Parliament and Cyber Conference
Minister for Security Dan Jarvis delivered the keynote speech at our first Parliament and Cyber Conference 2025, in which he called for stronger cyber resilience across government, business and society with the escalation of cyber threats in a hyper-connected world.
Jarvis highlighted how, if cybercrime were an economy, it would be the third biggest in the world with global scams expecting to cost $27 trillion a year by 2027. The government is seeking to act with both legislation and policy, including the recently introduced Cyber Security and Resilience Bill, and the Counter Political Interference and Espionage Action Plan as well as support of the NCSC.
During his address at the conference, Jarvis noted that “Our tech sector is one of the most crucial chips in the economy’s motherboard. One that takes its cyber security seriously. I hope that, through Government support and their own initiative, that the rest of our business leaders follow in your footsteps.”
Government’s publishes Cyber Security and Resilience Bill
The Government introduced the Cyber Security and Resilience Bill for its First Reading in the House of Commons on 12 November 2025, marking the first time a UK Bill has included “cyber” in its title. The legislation represents a significant effort to modernise the UK’s cyber framework by expanding the scope of regulated services, strengthening reporting requirements and providing regulators with enhanced tools to enforce compliance. It builds on the Cyber Governance Code of Practice published in April 2025 and further develops the UK’s NIS regime, bringing it closer, though not fully in line with, the EU’s NIS2 directive.
The Bill widens the range of organisations subject to cybersecurity standards, introducing data centres as essential services under joint oversight from Ofcom and the DSIT Secretary of State.The Bill also, amongst other provisions:
- Establishes new definitions for relevant digital service providers, including online marketplaces, search engines and cloud computing services,
- Brings large managed service providers into scope where they provide ongoing access to customer systems.
- Strengthens reporting requirements significantly, with in-scope organisations required to submit an initial incident notification within 24 hours and a full report within 72 hours.
- Expands the definition incident to include events capable of affecting network and information systems, even where no data has been compromised.
Please contact secretariat@cb-network.org for more information on the Bill.
Policy panel: Designing a resilient future
At the Parliament and Cyber Conference, during the Panel “UK cyber policy: designing a resilient future”, speakers, including Cyber Innovation APPG officer Alison Griffiths MP, and Jonathon Ellison, National Resilience Director at the NCSC emphasised the scale of the challenge and the importance of ensuring the Bill is implemented in a way that is both effective and proportionate.
Across our events, there was clear consensus from both public and private sector voices on the need for sustained cross‑collaboration as the Bill progressed through Parliament, with particular focus on proportional definitions, workable reporting obligations and transparent approaches to designating critical suppliers.
Innovation panel: Securing our future in a world of AI and quantum
The second panel at Parliament and Cyber Conference 2025, titled “The next frontier: securing our future in a world of AI and quantum,” examined how emerging technologies are reshaping both opportunity and risk for the UK.
Artificial intelligence was discussed as a major driver of growth and productivity, but panellists underlined how it has already begun to transform the cyber threat landscape. Panellists highlighted escalating AI enabled fraud, the potential misuse of generative tools, and complex questions of accountability in autonomous defence systems. Looking ahead, they noted that the emergence of quantum computing could further disrupt existing cyber security protocols and undermine many of today’s cryptographic standards.
The panel focused on how the government can respond with agile and effective policy, working closely with industry to strengthen resilience and protect both the economy and wider society.
Speakers included Daniel Aldridge MP, Chair of the APPG for Cyber Innovation, Zeki Turedi, Field CTO at CrowdStrike, Shaukat Ali Khan, CDIO at NHS West Yorkshire, Dr Melanie G., Associate Professor at UCL, and Sean Remnant, CSO at Exclusive Networks.
Insights
What to expect in 2026 from CBN
Following our Conference it was clear that cyber resilience is now firmly established as a national priority.
With more than 150 parliamentarians, policymakers, academics and industry leaders there was a clear consensus from both public and private sector voices emphasising the need for sustained cross‑collaboration as the Bill progresses through Parliament, with particular focus on proportional definitions, workable reporting obligations and transparent approaches to designating critical suppliers.
In 2026, CBN looks forward to working constructively with the Government as it sets out its plans across Cyber Security, most notably the Cyber Security & Resilience Bill, as well as the forthcoming National Cyber Action Plan, and broader government approaches. We are excited to develop on the progress made this year, including supporting the APPG for Cyber Innovation, to create further opportunities for engagement with key stakeholders.
Please do get in touch with the team at secretariat@cb-network.org for more information.
Policy & Political
Autumn Budget 2025
After much speculation and anticipation, the Chancellor’s Autumn Budget was unveiled – albeit following a premature leak from the Office for Budget Responsibility.
The Budget was presented as making the “fair and necessary choices” to ease pressures on households, strengthen public services and support growth.
Cyber was predominantly absent from the Chancellor’s Budget speech. With her self-imposed rules preventing rises to income tax, National Insurance or VAT, she instead relied on freezing income thresholds and introducing a series of wider tax increases to reduce borrowing and create future fiscal headroom. Business rates for retail, hospitality and leisure will be permanently lowered, funded in part by higher rates for the most expensive properties. Notably:
- Over £120 billion of departmental capital spending was protected for transport, housing, nuclear and record R&D, supported by a National Wealth Fund with £153 billion of capacity expected to mobilise around £70 billion of private investment.
- Regional and place based funding was strengthened through an expanded Local Growth Fund and Mayoral Revolving Growth Fund, alongside targeted support for northern growth corridors.
- Business investment incentives included expanded venture capital schemes, wider EMI eligibility and a new 40% first year capital allowance for plant and machinery from 2026.
Technology also featured prominently, with commitments on AI infrastructure and data centres, new AI Growth Zones and a brief reaffirmation of previously published digital ID plans in the context of immigration control and efficiency savings, as well as reaffirmation of defence spending targets.
Ministers and NCSC write to small business on cyber security
Minister Liz Lloyd, Minister Blair McDougall and the National Cyber Security Centre (NCSC) CEO Richard Horne have written to small businesses reminding them of the resources available to them to ensure that they remain cyber secure – including the free Cyber Action Toolkit, Cyber Essentials, and Action Fraud.
The signatories urge small businesses to take these steps to remain resilient in the face of increasing cyber attacks; half of small businesses in the UK report having suffered a cyber attack in the previous 12 months and 35% of micro businesses reported phishing attacks.
The NCSC has also published a dedicated blog on these available resources, which can be seen here.
NCSC Stop! Think Fraud campaign
The NCSC has launched a nationwide Stop! Think Fraud campaign, offering advice to individuals and small businesses ahead of the busy festive period. The campaign encourages online shoppers to follow tips from the Home Office and the NCSC to avoid online scams, with individuals encouraged to report suspicious activity to the NCSC.
Cyber recruits graduate from Defence Cyber Academy
An inaugural group of around 30 graduates will enter operational roles in cyber defence following their training at Defence Cyber Academy on their fast-track Cyber Direct Entry programme, with new training places available for people aged 18-39 for 2026.
The graduates will be joining the new Defence Cyber & Electromagnetic Force (DCEMF).
The entry route sees basic training reduced from 10 weeks to around one month, after which recruits undergo three months’ specialist training.
In 2025, the UK faced 18 major cyber incidents – an almost 50% increase on the previous year and the third consecutive annual rise.
Research and analysis: Research on mapping the AI and software cyber security services market
The government is carrying out research on mapping the AI and software cyber security services market. Commissioned by DSIT, this project aims to better understand the skills, services, and tools available to support organisations in the UK in meeting the requirements of the Global Standard for AI Cyber Security and the Software Security Code of Practice.
The research will build on this market analysis, and will consist of a telephone survey of UK-based organisations that provide AI and/or software cyber security services.
NCSC Updates
- NCSC consumer alert for holiday shopping scams: Ahead of Black Friday and the festive season, the NCSC and Home Office’s nationwide Stop! Think Fraud campaign urges online shoppers and small businesses to stay alert to scams after £11.8m was lost to online shopping fraud last year; advice includes checking retailers are legitimate, turning on 2-step verification for important accounts, paying securely (avoiding direct bank transfers and unnecessary card detail storage), being wary of delivery scam messages and links, and reporting suspicious emails, texts or fake websites to the NCSC.
- NCSC retirement of Web Check and Mail Check by 31 March 2026: The NCSC will retire its Web Check and Mail Check services in favour of a now-mature external attack surface management (EASM) market, urging organisations to adopt commercial EASM tools guided by its new buyer’s guide, continue using Early Warning and DNS Check via MyNCSC, and subscribe to the Check your cyber security service to monitor email anti-spoofing and email privacy as part of its ACD 2.0 roadmap.
- NCSC Proactive Notifications Service: As part of its updated Active Cyber Defence approach, the NCSC has launched a pilot service with Netcraft that proactively scans for selected publicly visible vulnerabilities, sends plaintext notification emails from netcraft.com to affected organisations with guidance on remediation, and complements (but does not replace) organisations’ own security monitoring, which can be further strengthened by signing up to the free NCSC Early Warning service.
- NCSC Cyber Action Toolkit for small businesses: the NCSC has created a free, personalised tool for sole traders, micro and small organisations that gives clear step-by-step actions, three levels to progress through (Foundation, Improver, Enhanced), simple progress tracking, and a path toward Cyber Essentials.
- NCSC handover of smart meter security assurance:After more than a decade securing the UK’s SMETS2 smart metering infrastructure through its Commercial Product Assurance (CPA) scheme, including around 150 evaluations and over 32 million certified devices, the NCSC has formally transferred ownership of the smart meter CPA scheme to the Smart Energy Code Security Sub-Committee under DESNZ stewardship, marking a mature, industry-led assurance model that frees NCSC to focus on challenges where it is uniquely placed to add value.
Parliamentary Questions
This past month, questions were answered on army recruitment into their cyber stream, the growth of a grey area in cyber defence investment, and cyber-security based amendments to regulations of telecoms infrastructure One debate highlighted the role of the Council of Europe in tackling cyber crime, and the yearly debate on Remembrance Day outlined the growth of military personnel specialising in cyber warfare. The need to highlight cybersecurity training amongst SME’s was outlined, and the House of Commons Business and Trade Committee outlined the need for cybersecurity to form part of an economic security safeguard for businesses. The Government further announced cyber counter-measures against Chinese espionage.
Business & Industry
Major UK altnet data breach highlights supply chain risk
Alternative broadband provider Brsk, which recently merged with Netomnia, reported a major DDoS customer data breach that reportedly exposed around 230,000 customer records for sale on a hacking forum. The compromised database included names, email addresses, physical addresses, phone numbers, installation and booking details, internal IDs, location data and indicators of vulnerable customer status, although Brsk stated that no financial information, passwords or login credentials were affected.
Cyber attack on London councils triggers emergency response
Westminster City Council and the Royal Borough of Kensington and Chelsea activated emergency and business continuity plans following a cyber attack that disrupted shared IT systems and phone lines. Working with cyber specialists and the National Cyber Security Centre, both councils focused on maintaining critical services and support for vulnerable residents while systems were taken offline and restored.
The Information Commissioner’s Office was notified and investigations into the source, scale and any potential data compromise are ongoing. Other London boroughs, including Hammersmith and Fulham, were also believed to have been affected and were advised to warn staff about phishing risks, including suspicious emails and unexpected links, as services were not expected to be fully restored until later in the week.
KawaiiGPT shows how free AI tools are lowering the barrier to cybercrime
The growing use of KawaiiGPT has been outlined as aiding in lowering the barrier to commit cybercrime. KawaiiGPT, a free, open source “black hat” large language model that has been available since July 2025 and is now at version 2.5. Unlike paid tools such as WormGPT, KawaiiGPT could be installed from GitHub in minutes and used via a simple command line interface to generate convincing phishing emails, ransomware notes and working attack scripts, enabling even low skilled individuals, referred to informally as “script kiddies”, to launch sophisticated campaigns. With hundreds of users coordinating via Telegram, the tool illustrated how freely available offensive AI was compressing attack cycles and eroding traditional warning signs such as poor grammar, reinforcing the need for AI aware email filtering, anomaly detection and broader defensive controls.
Cyberattack exposes customer data of major financial institutions
Real estate finance and tech vendor SitusAMC disclosed a cyber attack that may have exposed customer data from several leading US banks, including JPMorgan, Morgan Stanley and Citi, as well as other top‑tier institutions. The firm, which processes mortgage payments and manages real estate loan data for many of the top 20 US banks, reported that corporate accounting records, legal agreements and some client customer details were accessed, although no encrypting malware was involved. The incident currently remains under FBI investigation.
Events
Members should keep their eyes peeled as we will be launching our 2026 events and activity in the coming weeks.
Partner Events
Sign up for the CCUK Fraud Summit 2026
We are excited to announce the return of our highly anticipated Fraud Summit 2026, bringing together the industry’s most authoritative voices. CCUK is currently looking sponsors for the event, and has a range of sponsorship packages.
Join CCUK on Wednesday 15th April 2026 at One Birdcage Walk in London for our second annual summit. We’ve built on the success of last year to create an even more powerful, insightful agenda focused on actionable intelligence and collaborative solutions.
This is your opportunity to gain unparalleled access to the decision-makers and experts who are shaping the UK’s response to security threats.
This year’s programme will feature an elite lineup of speakers from every critical sector, ensuring you get a 360-degree view of the fraud landscape. Connect with industry peers and key stakeholders in a focused, professional setting.
CBN members get discounted tickets, secure yours here.
Would you like to raise your company profile by being the event’s supporter? Check our sponsorship pack here and contact team@commscouncil.uk for more information.
Please do contact team@commscouncil.uk for more information.
About CBN
The Cybersecurity Business Network is a coalition of leading UK-based organisations committed to strengthening the nation’s cyber resilience, fostering innovation and supporting economic growth. Through collaboration and knowledge sharing, we empower our members to drive growth and set standards for excellence across the UK cyber sector.
As a member-led network, our ambition is to serve as the unified voice of the UK cyber industry, championing its interests, amplifying its potential, advocating for greater engagement and support from government, media, and the wider business community.
Membership to CBN is free for all cybersecurity organisations. If you are interested to hear more about CBN or want to become a member, then please reach out to secretariat@cb-network.org for more info.