CBN Newsletter | January 2025
Our monthly update to bring you the relevant, high-level policy and business news from across the cyber sector.
This month, we provide an update on two significant announcements from the UK government, an insights piece from our CBN comms lead, and our usual policy and business news.
If you have any questions about the content, or believe we should add to our coverage, please do not hesitate to get in touch.
Headline News
Global Cybersecurity Outlook 2025
The World Economic Forum (WEF) has published its annual Global Cybersecurity Outlook report, which highlights the complexity of the cybersecurity landscape. With that complexity intensified by geopolitical tensions, emerging technologies, interdependencies and cybercrime sophistication, governments, organisations and individuals are being challenged to adapt and innovate in order to ensure our continued security.
Please see below for a longer analysis.
Risk facing UK “widely underestimated”
The National Cyber Security Centre (NCSC) published its Annual Review 2024, drawing out key aspects and learnings from the agency’s work over the past year across four chapters – cyber threats; cyber resilience; the cyber market ecosystem; and future cyber technologies.
Notably, it highlights geopolitics and the continuing cyber threat of nation-state actors – particularly China and Russia – against the UK’s critical national infrastructure (CNI), a point which was emphasised further by CEO Richard Horne in his first major speech.
Launching the Review, Horne cautioned that cyber risks facing the nation from nation state actors are “widely underestimated”, and the UK is engaged in a “contest for cyberspace” with those seeking to use our “technology dependence” to disrupt daily life. The report indicated that there has been a sizable increase in the number of incidents handled by the organisation in the 12 months up to August 2024, with ransomware being the most pervasive threat.
UK: AI Opportunities Action Plan
The UK Government has published its “AI Opportunities Action Plan”, which lays out how it intends to employ artificial intelligence (AI) to boost economic growth and deliver more efficient public services, and is described as a “cornerstone” of the Government’s Plan for Change.
Identifying three overarching goals, the Plan is broken down into 50 recommendations which give further detail and approximate timelines for when each will be implemented. Overall, the Plan takes a bold approach to AI, with the “safety” and “guardrails” approach from previous Prime Minister Sunak seemingly left behind. Interestingly, cyber (security) does not feature heavily, instead only mentioned briefly in terms of increasing talent and skills, as well as the potential for regulation to actually drive innovation, rather than hinder it.
If you have any questions about what these updates mean for the cyber sector or your business, or would like to engage with the Industrial Strategy consultation, please get in contact with us at secretariat@cb-network.org.
Enhancing communication between security and business leaders
Written by Marco Bresciani, Cyber Risk Enthusiast and CBN Board Member
How can cybersecurity professionals bridge the gap between technical risks and business priorities?
Communicating cybersecurity risks effectively to executives requires more than just technical knowledge – it needs data-driven, actionable insights.
Cyber risk quantification (CRQ) bridges this gap by offering an objective way to assess and communicate cyber exposure, enabling better decision-making and risk prioritisation. Frameworks like Open FAIR provide structured approaches, but challenges such as complexity, manual processes and static data have hindered adoption.
Early adopters show that success comes from aligning CRQ with business needs, leveraging available data and automating processes for efficiency. CRQ is now maturing into a vital tool for informed cybersecurity investment and risk management, proving that innovation thrives where determination exists.
Read the full article from CBN Board Member Marco Bresciani, who delves into the evolving role of CRQ and its potential to revolutionise cybersecurity communication.
News Updates
Political and policy updates
CMA reform gains traction in the House of Lords
Lord Holmes of Richmond, supported by Lord Clement-Jones, tabled an amendment relating to the Computer Misuse Act (CMA) during the Lords Committee stage (day 4) debate of the Data (Use and Access) Bill.
The amendment would have afforded a legal defence for legitimate cybersecurity activities, serving to provide stronger legal protections for cybersecurity researchers and professionals engaged in threat intelligence research, updating provisions made in 1990 by the CMA. As noted by Lord Arbuthnot of Edrom, these amendments come in the context of the long-standing CyberUp campaign. The Lords impressed upon the Government that the update is necessary for the UK to avoid falling further behind advancements in emerging technology, such as AI.
The Minister, Baroness Jones of Whitchurch, acknowledged the importance of having the correct legal framework to protect legitimate cybersecurity activities, and that the Government is committed to ensuring the CMA is updated, with the issue being investigated by the Home Office, as well as the NCSC and law enforcement agencies.
The amendments were withdrawn.
Regional skills projects to bolster UK cyber defences
The Government has announced £1.9m of new private and government funding for 30 projects, delivered by local organisations, which will be targeted at boosting the UK’s cyber resilience by plugging skills gaps.
First announced at a global cyber security meeting convened by the UK in September, these projects – delivered by organisations such as universities, local community groups and businesses – will tap into local “know-how” and partnerships to support initiatives which meet the needs of individual areas. The projects include programmes to upskill workers and improve diversity in the talent pipeline, ultimately serving to bolster the cyber workforce, drive growth, and improve economic and cyber security.
Reaction system activated to track undersea infrastructure threats
Following reported damage to an undersea cable in the Baltic Sea, the UK and allies have launched a new UK-led reaction system to track potential threats to undersea infrastructure and monitor the Russian shadow fleet via the Joint Expeditionary Force (JEF).
Second UK-EU Cyber Dialogue takes place in London
The second Cyber Dialogue between the EU and UK took place in London in December, during which representatives discussed respective approaches to cyber resilience; deterrence strategies; countering cybercrime; the Pall Mall Process; cyber skills; and cyber capacity building.
The next dialogue will take place in Brussels in 2025.
UK and Norway join forces to counter eavesdropping
The UK and Norwegian governments announced an agreement to collaborate more closely on research and development of technical security, to detect and expose eavesdropping devices.
Under this agreement, the two nations aim to bolster their collective resilience against threats from hostile states.
NCSC updates
- CyberFirst Girls Competition: the results of the 2024 CyberFirst Girls Competition show that this year saw the largest number of girls signing up since its inception. The contest is designed to encourage girls to explore the world of cyber and technology, helping to address the lack of diversity in the UK cyber workforce, where women currently make up just 17%.
- Improving operational technology (OT) security: new guidance is designed to help critical infrastructure organisations secure their operational technology (OT) systems.
- Cyber Incident Response scheme: the Cyber Incident Response (CIR) ‘Enhanced Level’ (formerly Level 1) scheme standard has been updated, including new prerequisites and qualification requirements. The scheme is preparing to begin accepting new applications in the new year.
Business and industry
Global Cybersecurity Outlook 2025
The World Economic Forum (WEF) has published its annual Global Cybersecurity Outlook report, which highlights the complexity of the cybersecurity landscape. With that complexity intensified by geopolitical tensions, emerging technologies, interdependencies and cybercrime sophistication, governments, organisations and individuals are being challenged to adapt and innovate in order to ensure our continued security.
Notably, the report marks a stark disparity between large and small organisations in terms of security capabilities – a trend which is reflected between the global north against the global south, and private versus public sector.
Looking ahead to 2025, the report predicts that the world is entering an “unprecedented” era of complexity – with both national and international companies facing overlapping, increasing regulatory requirements and greater dependence upon potentially insecure supply chains.
It presents an “AI-cyber paradox”: threat actors employ new technologies to widen the threat and potentially disrupt human safety, as cyber defenders race to employ the same technologies to strengthen barriers against such attacks. Future technologies such as quantum computing offer “unprecedented” opportunities to accelerate security – and risk.
The report concludes by highlighting that it is crucial for leaders to understand the cumulative impacts of this complexity on both organisational and national cybersecurity – and that the financial implications of a lack of cybersecurity measures should far outweigh the cost of implementing the measures.
Cyber in the headlines: state-affiliated threats dominate landscape
Against the backdrop of rising geopolitical tensions, reports highlighting the ever-increasing rate of cyberattacks – particularly from state-affiliated groups – have dominated sector headlines.
A report from Cyfirma focused on the sharp increase in frequency and severity of attacks from Russian-affiliated groups such as Sandworm and APT29 over the course of 2024, targeting key areas in the UK and NATO allies such as critical infrastructure, governmental and defence organisations, and supply chains.
At the same time, reports that the Chinese state-affiliated Salt Typhoon hacker group carried out a series of high-profile attacks against US-based telecommunications companies have highlighted the possibility of similar attacks against UK equivalents.
The NCC Group’s analysis of cyber threats in the UK highlighted a rise in ransomware attacks which featured a “blurring of lines between criminal and state-sponsored activity”, making way for more “sophisticated” attacks from a range of actors. Over three-quarters of attacks affected organisations in Europe and North America, particularly against “industrials” sectors, with Akira acting as the most active threat and new ransomware strain Ymir emerging as a dominant player.
News of rising threats – or indeed of threats from state-affiliated actors – may be nothing new, but recent reports taken together have indicated a refreshed awareness which we can expect to continue throughout this year; this is reflected by the NCSC’s Annual Review, and by the WEF’s Cybersecurity Outlook.
Industry Event | GovTech Show and Exhibition 2025: Public Sector Innovation and Transformation
The Royal Society of Medicine, London
19th March 2025, 9am – 5pm
CBN is delighted to offer our members an exclusive opportunity to join the Institute of Government & Public Policy for their upcoming GovTech and Exhibitor 2025 event.
In collaboration with Socitm, the Society for Innovation, Technology and Modernisation, the event will reimagine how the public sector operates and serves citizens. It will tackle the barriers and challenges of transforming public services to meet demand head-on, and attendees will walk away with actionable insights on harnessing efficient, secure, and sustainable technology to deliver cost-effective, citizen-centric services.
Join IGPP in central London for an immersive journey where public sector professionals, policymakers, and the brightest minds in industry converge to explore the technological possibilities shaping the future of the UK public sector.
CBN is able to offer 20 exclusive free places to our members. If you are interested, register your place with sign up code: CLARITY100.
About CBN
Our new mission is to bring together cybersecurity companies to network, learn and debate across three key pillars — trade and export, policy, and market insights. Our members will be enabled to promote their cybersecurity expertise and capabilities, strategically engage with key stakeholders and develop lasting relationships in key verticals, in a wider effort to influence government policy and promote innovation in the sector.
The strategic direction of CBN is shaped by our Membership who benefit from increased brand exposure and engagement opportunities with key stakeholders in the cyber space, other key sector verticals, media, government and regulators.
Membership to CBN is free for all cybersecurity organisations. If you are interested to hear more about CBN or want to become a member, then please reach out to secretariat@cb-network.org for more info.
Founded by Clarity
Global digital marketing and communications agency, providing fearless marketing and consultancy to the world’s most progressive companies.
We match data-driven science with human ingenuity to expand our full-funnel, specialist services and expertise. Our vision is to accelerate positive change and impact across the world. A firm believer in cybersecurity as an enabler of growth and resilience, we are proud to be driving its prosperous impact forward. Get in touch with secretariat@cb-network.org to understand more on how Clarity can enhance reputation, create impact, and drive growth in your organisations.