Transforming resilience in the face of unprecedented and rapidly evolving cybersecurity threats was top of mind as stakeholders gathered in Manchester for the NCSC’s annual conference.
The role of the cybersecurity community is “not just about protecting systems, it’s about protecting our people, our economy, our society, from harm.” This was the message from Richard Horne, the head of the National Cyber Security Centre (NCSC), at the annual CYBERUK conference in Manchester. The annual NCSC conference brings together policy makers and U.K. government agencies with academics, technology vendors, education providers and practitioner organizations to examine and identify ways forward for cybersecurity success in the U.K. alongside its international partners.
In a keynote that also acknowledged the growth in nation-state threats to the U.K., Horne noted that “threats are manifesting on the streets, against our industries and our businesses, putting lives, critical services and national security at risk.” He added that offence has a critical role to play as part of defense and pointed to the work of the U.K. National Cyber Force (NCF), a partnership between MoD and GCHQ that is working to reinforce cyber resilience.
It was an opening to two days of conference sessions that focused on a variety of themes, including the growth of AI, supply chain risks and geopolitical issues. However, the thread running through all of them was transforming resilience. Horne emphasized the core message of collective responsibility and collaboration in cybersecurity, stating that it is “not about any of us working in isolation...we need to respond not as individuals, but as a movement, working in synergy to defend ourselves – and our way of life.”
Cybersecurity Resilience as a Means for Growth
Alongside the sessions, Pat McFadden, the Chancellor of the Duchy of Lancaster, also spoke about the cyber threat landscape and how the government is leveraging cyber to drive economic growth in parallel with protecting the nation.
In a moment of recognition of some of the cyber attacks that have impacted UK retailers, he noted: “What we’ve seen over the past couple of weeks should serve as a wake-up call for everyone – for government and the public sector, for businesses and organizations, as if we needed one, that cybersecurity is not a luxury - it’s an absolute necessity”. He added that in 2024, the NCSC saw a sharp rise in reported cyber attacks, receiving nearly 2,000 reports – 90 of which were deemed significant and 12 at the top end of severity.
McFadden highlighted that, for all the benefits that technology advancement and falling costs bring, they also add risk, with ever more interconnected critical infrastructure being one example. The role of government in legislating for a rapidly evolving environment and holding organizations – and itself – to account is therefore critical. The government plans to publish a new National Cyber Strategy later this year, alongside work on the upcoming Cyber Security and Resilience Bill.
“That legislation will bolster our national defenses. It will grant new powers to the Technology Secretary to direct regulated organizations to reinforce their defenses,” McFadden said. “As we begin scrutiny of that Bill in Parliament, we will be launching a new Software Security Code of Practice - to help all organizations take the measures they need to embed security and resilience.”
McFadden reminded CYBERUK attendees of the pace of change, pointing out that it was only 36 years ago that Tim Berners-Lee invented the World Wide Web and that the change we have seen since then is unlikely to slow down.
“We have got to take the long view: not just think about the technologies of today, but what it might look like in 10 or 20 years,” McFadden said, along with calling for stakeholders to work together to meet the challenges that cybersecurity poses to national resilience.
Jonathon Ellison, NCSC Director for National Resilience, also announced new cyber adversary simulation schemes and cyber resilience test facilities, two initiatives designed to further bolster U.K. cyber resilience and user confidence in infrastructure and connected technologies.
ISC2 Panel Focuses on Collaboration
In line with one of the conference’s key themes, “Transforming our Ecosystem”, ISC2 hosted a panel discussion examining how cross-sector collaborations have delivered measurable cybersecurity and business resilience impact, and how co-operation and partnerships can also stimulate growth in the U.K.’s cybersecurity industry.
Ed Parsons, VP Global Markets and Member Relations at ISC2, led the session, which featured a panel covering government, law enforcement, academia and industry:
- Fiona Bail, Detective Chief Inspector – Head of Cyber Path at the National Cyber Resilience Centre Group
- Cian Galvin, Head of Cyber Skills and Profession at the Department for Science, Innovation and Technology (DSIT)
- Katie Gallagher OBE, Managing Director at Manchester Digital and Chair of UK Tech Cluster Ecosystem Group
- Professor Daniel Prince, Professor of Cyber Security at Lancaster University and Co-Director of Security Lancaster
Skills are essential to achieving and maintaining high levels of cybersecurity and business resilience, particularly in the face of one of the most challenging threat landscapes in recent times. Yet, organizations struggle with a shortage of appropriately skilled professionals. According to DSIT, 44% of U.K. organizations lack the skills needed to perform the basic tasks outlined in the government-backed Cyber Essentials scheme. ISC2’s own Cybersecurity Workforce Study has shown that 91% of U.K. cybersecurity professionals see a skills shortfall in their teams.
The panel examined both supply- and demand-side challenges, highlighting local examples of collaboration that are helping to overcome these challenges. Gallagher highlighted examples of employer-backed regional initiatives, such as Digital Her, that have improved representation and social mobility in the cybersecurity workforce. Prince also pointed to initiatives led by Lancaster University to attract students from a broader set of disciplines into cybersecurity. He also emphasized that we need leaders in cybersecurity, addressing the misconception that only technical roles exist in the field. This narrow perception often deters individuals without a STEM background from considering cybersecurity careers.
Discussion turned to professionalization, a major topic for the cybersecurity profession for many years and one in which the U.K. has made significant progress in recent years. DSIT’s Galvin spoke about the importance of streamlining career pathways and standardizing roles through the UK Cyber Security Council’s professionalization scheme, in which ISC2 is a partner. He noted the lack of clarity for people looking for guidance. “You can’t Google ‘How can I become cyber expert’ and get same answer every time,” Galvin noted. There is a greater number of specialisms an individual can pursue, and that has added to the need for clarity around roles and expectations.
Simplifying and elevating the cybersecurity profession will enhance its appeal to new talent while also streamlining the ability of businesses to recruit skilled professionals and access trusted cyber services.
It is also an area where the education sector helps shape outcomes, and Bail noted that academic partnerships like Cyber PATH are valuable in exposing both students and organizations to the realities of cybersecurity skills and workforce needs. Through the initiative, students work with supervisors who mentor them on the job. The scheme provides services for SMEs that can’t necessarily afford them and gives students more than just real-world work experience. They are involved in the whole journey and build up skills that make them workforce-ready, from talking to clients and thinking about risk to understanding reports and honing communications skills.
It’s important because, as Prince explained, entering the field after graduating is difficult – employers often require experience even for entry-level roles, while students struggle to gain that experience due to organizational hesitance around involving them in security projects. Initiatives like Cyber PATH help to bridge this gap. Despite holding relevant qualifications, many aspiring professionals face limited entry-level opportunities and cite the lack of practical experience as a major obstacle to starting careers.
Aside from developing individual skills, there is also the need to create businesses and employment opportunities. The panel was asked about the conditions necessary to promote cyber startups and how cross-sector collaboration helps.
Collaboration for Growth
Several initiatives were highlighted, including Cyber Runway – the largest cyber accelerator in the U.K. and funded by DSIT – and NCSC for Startups, which connects startups with technical experts, government and investors. Regional initiatives were also discussed, such as Cyber Quarter, a project led by the Midlands Centre for Cyber Security, which has secured £3 million of U.K. government funding to support cybersecurity startups.
With these support mechanisms in place to cultivate startups, which in turn can help support skills development, the panel was asked how the U.K. can ensure that the country as well as the regions not only build cybersecurity resilience but also benefit from the opportunities the cybersecurity sector offers.
Gallagher highlighted the positive influence of the NCSC’s North-West hub, emphasizing how this collaborative center has attracted significant investment to the region and played a key role in building a resilient and dynamic cybersecurity supply chain.
Regional hubs were seen as essential for fostering innovation, skills development and job creation, through partnerships between universities, organizations and local councils that deliver relevant cybersecurity training, run engagement activities like hackathons and incubate startups. Such an approach, the panel noted, ensures growth isn’t concentrated only in London but reaches nationwide.
The panel offered five points for attendees to take away from the discussion, namely:
- Collaboration is Key to Improving Cyber Resilience – The panel agreed that cross-sector partnerships are no longer optional – they're essential. All aspects of the public and private sector need to collaborate and share knowledge to address today’s complex cyber threats, with shared responsibility for both risk mitigation and skills development.
- Commit to a Broad Personnel Strategy – Experience from outside the cybersecurity field is valuable. Initiatives like Digital Her demonstrate how collaboration between employers and community groups can bring underrepresented groups and career changers into cybersecurity jobs. Employers must back up intentions with action, particularly by hiring through non-traditional routes.
- Professionalization Will Drive Growth – U.K. cyber workforce growth will benefit from clear, standardized career paths and role definitions. Without consistent expectations, both employers and job seekers are left navigating a fragmented landscape. The UK Cyber Security Council’s professional standards work on this is foundational.
- Leverage the Regions – The North West of England serves as a blueprint for regional growth in the U.K. From university-led innovation to smaller business-focused training, the North West is becoming a model of regional cybersecurity ecosystem development. Collaboration in the region has helped build pipelines of talent, incubate startups and deliver real-world impact and growth.
- Universities Go Beyond Education – Centers of education are a valuable source for leading innovation and workforce readiness: Lancaster University’s efforts (via Cyber Foundry and Cyber Focus) are redefining academia’s role. Initiatives like Cyber Path, which give students hands-on experience with smaller and medium-size organizations, are vital in bridging the readiness gap. But employers need to do more to open their doors to graduates.