Cybersecurity experts have started a formal review into the UK cybersecurity market, at the government’s request, to identify future growth opportunities as it looks to grow the industry that’s core to the country’s Industrial Strategy.
Announced on Wednesday, the Cyber Security Growth Action Plan will deliver its findings later this summer, complete with recommended actions for the government to take to ensure the £13.2 billion ($17.7 billion) sector continues to grow.
The review is being led by Simon Shiu, visiting professor of cybersecurity at the University of Bristol and recently departed VP and director is cybersecurity research at HP Labs. He will be assisted by fellow colleagues from Bristol and experts at the Centre for Sectoral Economic Performance at Imperial College London.
The team will examine the UK’s strengths and identify areas of opportunity that will later be used to plot the UK’s roadmap for cyber growth.
Its findings will also feed into the upcoming, refreshed National Cyber Strategy, which will focus on amending the existing strategy in line with the latest cyber threats to ensure national cyber resilience.
“The UK cyber sector is successful and growing, but so too are the challenges as demonstrated by recent events which have affected businesses and consumers,” said Shiu.
“Based on input from all parts of the cyber sector, this project will make independent recommendations to accelerate growth in cyber, but also to increase cyber resilience in the other sectors critical to UK security, industry, and prosperity.”
The UK government also said there’d be up to £16 million ($21.5 million) in new funding to support the commercial growth of cybersecurity businesses.
Up to £10 million ($13.4 million) will be made available over the next four years to the CyberASAP scheme, which aims to help academics turn their research into viable commercial products.
Then, up to a further £6 million ($8 million) will be made available over the same period to help scale small businesses and startups, and help them access additional markets.
Senior minister Pat McFadden said: “Today’s investment will help to turn innovative ideas into successful businesses up and down the country, and the new research will support our mission to grow the economy.
“Recent cyberattacks show just how important it is we foster the development of the sector – delivering the double dividend of high-paying jobs as well as strengthening the country’s cybersecurity.”
The investments announced this week will represent just a small sum of the total package expected to be delivered to the cybersecurity sector by the time the UK’s Industrial Strategy is launched at the end of the month.
In addition to cybersecurity, sectors such as clean energy, financial services, manufacturing, professional services, and more are expected to receive sizable investments in a bid for economic growth.
It’s all part of the government’s Plan For Change, a phrase you may have seen bandied about in official comms and political coverage. It is basically a list of lofty goals Labour set out when it took power last year, one of which was to achieve and sustain economic growth.
In theory, this will boost innovation and create new jobs for Brits, so says the government.
Cybersecurity minister Feryal Clark said: “Through our Plan for Change, we’re backing the sector to create high-quality jobs through the Cyber Growth Action Plan and ensuring our public services are built on secure foundations with the expert support of the Government Cyber Advisory Board.”
New faces, but maybe not the right ones
Speaking of which, alongside the Cyber Security Growth Action Plan and new investment announcements, the government’s new-look Cyber Advisory Board was also unveiled this week.
First assembled in 2022 as part of the 2022-2030 National Cyber Strategy launched by then-PM Boris Johnson, the board’s role is to advise the government to make better strategic choices.
It serves as a sounding board for ministers, with high-profile voices from industry, academia, and the third sector all providing technical expertise to shape policy decisions.
Senior security folk from the likes of Big Tech (Google, AWS, Microsoft, and DeepMind) are involved, so too are university professors, representatives from top banks, legal eagles, energy companies, and more.
Ian Thompson, not our beloved vulture but Google’s senior government cyber advisor for MENA and GCAB member, said: “The Government Cyber Advisory Board plays a vital role in bringing together expertise from across government and a wide set of industry sectors.
“This cross-sector collaboration not only accelerates the sharing of best practices and experience but also ensures balanced perspectives and mutual learning – something I’m personally finding invaluable.”
Heather Bedson, head of information security at BPP, added: “Being part of the GCAB is an opportunity to drive change and improve the government’s cyber resilience by using expertise from a wide range of industries.”
Not everyone was so delighted, though. Graeme Stewart, head of public sector at Check Point, said there is a distinct lack of representation on the board from organizations that perhaps should be able to feed into these decisions.
He said: “What really surprised me was the makeup of the advisory board. There are plenty of big organizations represented, but no specialist cybersecurity firms are included. The absence of any dedicated cybersecurity specialists is a striking omission. It’s also worth pointing out that while there is public sector representation on the board, it’s almost entirely from academia. That does have value, and I absolutely recognise the importance of academic input, but it’s not the same as having practitioners from the frontline of the public sector.
“There’s no one from the NHS, local authorities, or central government departments. That’s a concern because when organizations like the NHS or local councils are hit, the impact is felt across society. We need voices from the operational side of the public sector in the room. Without that, you risk ending up with a report that’s well-meaning but lacking the real-world insight needed to make meaningful progress.” ®
