Our monthly update bringing you the relevant, high-level policy and business news from across the cyber sector.
This month, we take a look at the newly released Cyber Action Plan, the long-awaited second reading of the Cyber Security and Resilience Bill, where the House of Commons will take its first opportunity to scrutinise the main aspects of the Bill, as well as a number of high-profile cyber incidents that occurred as 2025 was wrapping up.
If you have any questions about the content, or believe we should add to our coverage, please do not hesitate to get in touch.

Today, the Cyber Security and Resilience Bill has undergone its second reading in the House of Commons. The Bill is set to be passed through the lower house, with the expectation of Royal Assent in mid-2026.
The legislation represents the most significant effort to date in modernising the UK’s cyber framework by expanding the scope of regulated services, strengthening reporting requirements, and providing regulators with enhanced tools to enforce compliance. The legislation further develops the UK’s NIS regime, bringing it closer in line with the EU’s NIS2 directive.
The legislation aims to establish new definitions for relevant digital service providers (including online marketplaces, search engines and cloud computing services), and incidents (to include events capable of affecting network and information systems, even where no data has been compromised).
The Bill will mandate 24-hour initial incident reporting, with a full report required after 72 hours, and will widen the range of organisations subject to cybersecurity standards, introducing data centres as essential services under joint oversight from Ofcom and the Secretary of State for DSIT.
Following its second reading, the Bill will enter committee stage, where a detailed clause-by-clause examination will take place. During this process, Parliament will look to agree more complete definitions of which entities are in scope, what the exact penalty regimes may be for non-compliance, and specify more detailed security and resilience requirements.
During committee stage, cyber industry experts may wish to appear as oral witnesses, or submit written evidence to the Public Bill Committee when it calls for it.
If you have any questions around the Bill, or any amendments that Parliament may propose in the Bill’s second reading, please contact secretariat@cb-network.org.
Prior to the second reading of the Cyber Security and Resilience Bill, the government announced its Cyber Action Plan on the morning of 6th January 2026. The plan aims to strengthen cyber defences and digital resilience across government departments and the public sector, backed by over £210m of government funding. It is notable that this £210m is far less than the £2.6bn pledged in the 2022 National Cyber Strategy for modernising public sector legacy systems to become more resilient.
Driven by a newly formed ‘Government Cyber Unit’, this plan supports a wider strategy by the government to digitise public services, improve online service accessibility, reduce times spent in online queues, and centralise access to government support and resources.
The plan focuses on achieving clearer visibility of cyber risks across government departments, acting to strengthen mitigation efforts and implementing faster and more robust incident response procedures.
Additionally, the government has announced the Software Security Ambassador Scheme, which aims to reduce software supply chain attacks through a new Software Security Code of Practice. Cisco, Palo Alto Networks (PAN), Sage, Santander and NCC Group have agreed to act as ambassadors for the scheme.
If you have any questions around the Cyber Action Plan and what it might mean working in, or closely with, the public sector, please contact secretariat@cb-network.org.
In a speech commemorating the centenary of the signing of the Locarno Treaties in 1925, the Foreign Secretary Yvette Cooper warned that ‘hybrid threats’ from Russia are threatening the UK and Europe, aimed at destabilising democracy, undermining collective interests and weakening critical national infrastructure.
These hybrid threats include, but are not limited to, ‘relentless’ cyberattacks against businesses and critical infrastructure, dissemination of social media disinformation (including utilising generative AI), and state-sponsored sabotage.
Cooper cited Russia’s campaign of ‘information warfare’ as a driving force that has led the UK to develop, and continue to develop, its defensive cybersecurity, law enforcement and intelligence capabilities.
In addition to the threat posed by Russia, the Foreign Secretary also raised the issue of Chinese-origin cyber threats. She used the speech to announce new sanctions on two China-based companies, i-Soon and Integrity Technology Group, which the government allege have been involved in ‘vast and indiscriminate cyber activities against the UK and allies’.
The end of 2025 saw two cyberattacks launched against two major departments of national and local government. The Foreign, Commonwealth and Development Office (FCDO) and Westminster City Council both experienced cyber incidents in a pertinent reminder that the government remains a key target for cyber criminals.
The cyberattack affecting the FCDO was confirmed by Chris Bryant MP, who stated that the government had been aware since October 2025. The minister has claimed that the risk of compromise to individual data was ‘low’. While Bryant claimed that the perpetrators were ‘unclear’, The Sun newspaper has pointed fingers at a Chinese hacking group named Storm 1849, who were behind the ‘ArcaneDoor’ campaign affecting Cisco infrastructure in 2024.
The cyberattack against Westminster City Council took place in late November, with confirmation from the council that data had been copied by the perpetrators, which potentially included sensitive council data. This also included data on a server that was shared between Westminster City Council and Kensington and Chelsea Council; however, Westminster Council remains primarily affected. The perpetrators are currently unclear.
Westminster Council has urged residents to follow NCSC advice and be wary of any suspicious calls or emails, and has set up a helpline and email address to assist with any public enquiries relating to the cyber incident.
What to expect from CBN in 2026

CBN will be ramping up its advocacy work in 2026, with the year set to be a pivotal legislative and strategic year in the UK cyber landscape. Our work will focus on engaging proactively with the Government on key areas that directly impact our community and expand members’ opportunities within the UK market.
Cyber Security & Resilience Bill: With the expectation of Royal Assent later this year, this legislation will undergo extensive parliamentary scrutiny in early 2026, modernising and strengthening UK cyber defences, including the expansion of NIS/NIS2. CBN is taking a proactive role in advocacy to shape the bill’s legislation and implementation.

Blaise Metreweli, the newly appointed chief of the UK’s Secret Intelligence Service (SIS), more commonly known as MI6, emphasised the organisation’s focus on enhancing its technological and cybersecurity capabilities in a speech delivered on the 15th December 2025.
Metreweli claimed that SIS is currently operating in a ‘space between peace and war’, in which advanced technologies are reshaping conflict, power and trust globally. She highlighted how converging fields such as AI, biotechnology, and quantum computing are accelerating threats to UK national security.
She stressed that information had become weaponised through disinformation and manipulation tactics, exemplified by increasing threats posed by Russian hybrid warfare, including cyberattacks, drones, sabotage, and influence operations.
In response, SIS is refocusing its efforts on mastering its use of technology, particularly around AI and data, and integrating it into their work such that officers are as comfortable with code as with human sources.
This would see the SIS deepen partnerships across the UK intelligence community and the wider technology ecosystem, recognising that the defining issue is not who has the most powerful tech, but who can apply it effectively.

The governments of the UK and South Korea agreed a joint statement on deepening technology ecosystems and strengthening digital collaboration, following the second UK-ROK (Republic of Korea) Digital Partnership Forum in Seoul, on 16th December 2025.
Four key pillars were agreed as part of the joint statement. These pillars are: strengthening digital infrastructure, fostering technological innovation, reinforcing multi-stakeholder approaches, and enhancing cybersecurity and securing critical technologies.
The fourth pillar sees a commitment from both states to further collaborate to strengthen cybersecurity, within the framework of the last UK-ROK Cyber Dialogue, which saw the UK and South Korea commit to working together to counter malicious cyber activity from malign states, namely North Korea, Russia and China.
With the new joint statement, both states have renewed this commitment, as well as reinforcing a particular focus on the growing role of AI within the cybersecurity field.

DXS International, a provider of clinical solutions for healthcare professionals and patients to the NHS, confirmed that they experienced a cyberattack on their office servers on the 14th December 2025.
The incident has been reported as having ‘minimal impact on the company’s services’, leaving front-line clinical services ‘unaffected and operational’.
The prolific ransomware threat actor ‘DevMan’ claimed responsibility, stating that they had copied around 300GB of data, threatening to release it publicly. However, neither the NHS nor DXS have commented on this claim.
Cyberattacks against major UK retailers are estimated to have cost affected businesses millions of pounds in damages. Two of the worst affected were M&S and the Co-op Group, who are estimating losses of approximately £300m and £200m respectively.
Taking place between April and May of 2025, the attacks utilised the DragonForce ransomware, with social engineering tactics deployed, such as voice phishing, to compromise company networks via internal IT helpdesks. Hackers then activated the main ransomware payload across compromised systems.
These attacks triggered serious disruption to the businesses, causing data loss and outages that led to a depreciation of the companies’ stock and revenue prices.
CBN is holding its first bi-monthly members meeting of 2026 in London, on Wednesday, 21st January, 4:30pm – 7:30pm. This event will comprise a roundtable-style discussion to help shape our 2026 agenda, as well as a discussion around ongoing developments regarding the Cyber Security and Resilience Bill, following its second reading in the Commons this month.
Please note: This vital session is exclusively for paying members and partners. If you’d be interested in attending the event, please RSVP to secretariat@cb-network.org.
To become a member and ensure you won’t miss any of our events, please visit cb-network.org/join-us/
The Cybersecurity Business Network is a coalition of leading UK-based organisations committed to strengthening the nation’s cyber resilience, fostering innovation and supporting economic growth. Through collaboration and knowledge sharing, we empower our members to drive growth and set standards for excellence across the UK cyber sector.
As a member-led network, our ambition is to serve as the unified voice of the UK cyber industry, championing its interests, amplifying its potential, advocating for greater engagement and support from government, media, and the wider business community.
If you are interested to hear more about CBN or want to become a member, then please reach out to secretariat@cb-network.org for more info.