never miss a thing
Sign Up to Hear about News and events
CBN Newsletter | November 2024
Our monthly update to bring you the relevant, high-level policy and business news from across the cyber sector.
This month, we provide an update on two significant announcements from the UK government, an insights piece from out CBN comms lead, and our usual policy and business news.
If you have any questions about the content, or believe we should add to our coverage, please do not hesitate to get in touch.
Headline News
UK political update: the Budget and a “modern” Industrial Strategy
On Wednesday, 30th October, Chancellor Rachel Reeves presented the new Labour Government’s first annual Budget. With a reportedly dismal economic outlook yet a manifesto promise to bring growth, the Chancellor changed borrowing rules and increased the overall tax burden on the country by £40bn in order to increase investment in key sectors and public services.
Skirting around controversy of whether Labour broke its election manifesto commitment, the Chancellor continued the Government’s messaging of boosting growth and productivity and utilising innovative tech – especially in health, energy, defence and digital.
Notably, the Strategic Defence Review (SDR) was mentioned, in which the Government is considering cyber and digital “as a next step” as they develop their plans in this area. Other than defence, cyber was only mentioned in terms of improving the security of the NHS.
Ahead of the Budget, the Government had launched its “modern” Industrial Strategy and associated consultation, aiming to streamline funding into eight key sectors – manufacturing; clean energy; creative industries; defence; digital and technologies; financial services; life sciences; and professional and business service – in an aim to address challenges via a “cross-cutting” and “pro-business” approach.
While cyber is not mentioned in the Industrial Strategy, the consultation nonetheless plans to “focus on a range of technologies and their commercialisation, with a portfolio approach that backs smaller, less proven, and more disruptive businesses alongside larger, well-established businesses in existing sectors” under the context of investing in digital technologies, which presents a key opportunity for the sector to engage and raise its profile within government.
If you have any questions about what these updates mean for the cyber sector or your business, please get in contact with us at secretariat@cb-network.org.
Enhancing supply chain cybersecurity: positive storytelling and clear communication
Recent disruptions caused by global IT outages have shed light on how a lack of IT supply chain diversification fundamentally undermines resilience by concentrating risk. Over the last few months, many organisations have been considering the makeup of their supply chains, and the strength of their incident management and response plans, accordingly.
In a key insights article, CBN Communications Lead, Liva Emmatty, outlines the communication challenges faced by cybersecurity leaders and organisations in this context, and the value that powerful storytelling and clear communications can bring to cyber firms looking to boost reputations when trust is low.
If you have questions about how you can better communicate your services to customers or wish to speak to government about future solutions, please get in touch with the CBN team.
Political and policy updates
Building partnerships to protect the UK from cyber crime
In a speech to the PREDICT 2024 Conference, Home Office Security Minister Dan Jarvis said that “cyber security is national security” and highlighted how national security is the “foundation” for the Government to achieve its five missions.
He went on to say that the Government is considering reviewing the Computer Misuse Act (CMA), and in light of the spending review are reviewing several policy areas to enable and enhance security.
Five Eyes launch shared security advice campaign for tech startups
Cybersecurity guidance designed for technology companies, Secure Innovation, has been launched across Five Eyes nations, in an effort to protect the sector from national security threats, particularly originating from other nation states.
Originally a UK-only initiative from the National Cyber Security Centre (a part of GCHQ) and National Protective Security Authority (NPSA), tailored guidance is now available in Australia, Canada, New Zealand, the UK and the US.
The guidance helps companies to create a cost-effective, bespoke action plan which supports them to assess their levels of secure innovation and identify any necessary actions they need to take to protect their business.
G7 Cyber Expert Group recommends action to combat cyber risks from quantum
The G7 Cyber Expert Group (CEG) – chaired by the U.S. Department of the Treasury and the Bank of England – has recommended organisations have regard for the initial set of quantum-resilient encryption standards was released by the National Institute of Standards and Technology (NIST) and work to build resilience, particularly for sectors which hold highly sensitive information, such as the financial sector.
Cyber Essentials 10 years on
In a speech at the 10 year anniversary event for the Cyber Essentials scheme, DSIT’s Cyber Minister Feryal Clark highlighted the impact of Cyber Essentials for UK businesses, which are detailed in a new impact evaluation.
Further, she announced a new joint statement from DSIT, the NCSC, and the UK’s largest banks and building societies which aims to raise the levels of cyber security in critical national supply chains by exploring ways to expand the role of Cyber Essentials within their supplier assurance processes.
NCSC updates
- NCSC urges global cyber collaboration: At the Singapore International Cyber Week, Dr. Richard Horne, CEO of NCSC, urged international cooperation to increase global resilience against escalating cyber threats.
- UK and US issue cyber alert for Russian intelligence: A joint advisory from UK and US cybersecurity agencies warns that a campaign orchestrated by Russian Foreign Intelligence Service (SVR) actors is targeting critical government and national infrastructure and exploiting vulnerabilities in other organisations with poor cyber protections. It goes on to urge all organisations to apply patches and updates, and report any suspected breaches.
- Team of British women to participate in international cyber event: A team of CyberFirst Bursary alumni will represent the UK at the inaugural Kunoichi Cyber Games in Tokyo this November. The event, part of the Code Blue cyber security conference, aims to inspire more women to pursue cyber careers.
- Cyber defence for schools: UK schools are encouraged to sign up for a free cyber defence service from the NCSC, called PDNS for Schools, which blocks online threats like malware and phishing attacks.
Business and industry
Businesses struggle to manage supply chain cyber risk
Businesses are facing a growing challenge in managing supply chain cyber risks, according to a new report from cyber defence company Blue Voyant, in their fifth annual State of Supply Chain Defense report.
Despite 95% experiencing incidents in the last year, over half don’t regularly assess vendors for cybersecurity issues, and a third have no way of knowing when an incident occurs. This largely stems from a lack of resources and expertise, even though budgets for third-party cyber-risk management have increased.
Further, prioritisation of third-party cybersecurity risk management has decreased; key challenges include understanding how to penalise non-compliant vendors, meeting regulatory requirements, and ensuring compliance. On the other hand, UK businesses are more proactive than their global counterparts in briefing senior management on these risks, indicating an awareness of the issue at the highest levels.
If you want to learn more about supply chain cybersecurity resilience, check out CBN’s recent webinar for more insights from cyber leaders.
Bridging the gaps to cyber resilience
Significant gaps exist between perceptions of cyber resilience among top security executives and C-suite leadership, according to the 2025 Global Digital Trust Insights report from PwC.
Based on a survey of more than 4,000 business and technology executives across 77 countries, over two-thirds of technology leaders see cybersecurity as their top risk for mitigation – compared with less than half of business leaders. Despite this, CISOs are less likely to be involved in strategic planning, leading to a gap between CISOs and top C-suite executives over the company’s ability to comply with regulations, particularly those involving AI and critical infrastructure.
The report goes on to recommend that, in order to better communicate the need for cyber resilience, CISOs “share tech-enabled insights” and explain cyber priorities in business terms (cost, opportunity, risk).
Global threat report indicates increase in CNI cyberattacks
Cyber attacks on key critical national infrastructure (CNI) and supply chains continue to increase across the globe, according to data in Blackberry’s Q2 Global Threat Intelligence report.
Notably, the period of April – June 2024 was “one of the highest” quarterly percentage increases in unique malware samples per day since their reporting began. The United States received the highest number of attempted attacks, followed by Japan, South Korea, Australia and Canada.The report does not go into detail on why these countries have received the most attacks, and although mentioning that the attacks came from both state and non-state actors, did not clarify further.
While organisations are implementing measures like data encryption, fewer than half verify their suppliers’ cybersecurity compliance. The report stresses the urgent need for improved visibility and monitoring of software supply chains to reduce vulnerabilities.
To note, this report is based only on data collected by Blackberry in its internal systems.
About CBN
Our new mission is to bring together cybersecurity companies to network, learn and debate across three key pillars — trade and export, policy, and market insights. Our members will be enabled to promote their cybersecurity expertise and capabilities, strategically engage with key stakeholders and develop lasting relationships in key verticals, in a wider effort to influence government policy and promote innovation in the sector.
The strategic direction of CBN is shaped by our Membership who benefit from increased brand exposure and engagement opportunities with key stakeholders in the cyber space, other key sector verticals, media, government and regulators.
Membership to CBN is free for all cybersecurity organisations. If you are interested to hear more about CBN or want to become a member, then please reach out to secretariat@cb-network.org for more info.
Founded by Clarity
Global digital marketing and communications agency, providing fearless marketing and consultancy to the world’s most progressive companies.
We match data-driven science with human ingenuity to expand our full-funnel, specialist services and expertise. Our vision is to accelerate positive change and impact across the world. A firm believer of cybersecurity as an enabler of growth and resilience, we are proud to driving its prosperous impact forward. Get in touch with secretariat@cb-network.org to understand more on how Clarity can enhance reputation, create impact, and drive growth in your organisations.