Policy paper

DSIT cyber security newsletter - April 2024

Published 15 April 2024

1. Director’s message

Cyber security has been at the top of the news agenda following the NCSC’s assessments that Chinese state-affiliated organisations were responsible for a cyber attack targeting the Electoral Commission and a surveillance operation on UK parliamentarians. While worrying, this incident highlights the increasing threat of state-affiliated attacks and underlines the critical importance of our sector in providing the defences to protect our systems and institutions.

Thanks to everyone who contributed to The McPartland Review on how cyber security can be used as a catalyst to drive growth across all sectors of the UK economy. The call for views is now closed and a series of roundtables are currently taking place. A final report with recommendations for further action will be submitted to Ministers in May.

The Minister for AI and Intellectual Property, Viscount Camrose, has been keen to engage with the UK cyber sector and our work supporting the growth of the ecosystem. Last month he attended the graduation event of Cyber Runway where he delivered a keynote speech and met some of the companies. He also travelled to Belfast to take part in events at the inaugural CyberNI Week, organised by the Northern Ireland Cyber Security Centre.  The Minister also gave a speech at the CyberASAP Demo Day, at which academic teams from UK-wide universities graduated from the 12-month programme.

We are also excited to announce the launch of the updated beta version of our Secure Connected Places playbook. This comprehensive guide provides practical advice for securing smart cities, IoT devices, and critical infrastructure. We welcome any feedback on the playbook during this phase.

Furthermore, the Cyber Security Longitudinal Survey was launched at the end of March. This survey will help the sector gain deeper insights into the evolving threat landscape and inform strategic decisions. 

Andrew Elliot

Interim Director, Cyber Security and Digital Identity

2. Cyber Security Breaches Survey 2024 published

The 2024 version of the Cyber Security Breaches Survey was published on 9 April. The survey found that 50% of businesses and 32% of charities had identified a cyber breach or attack in the past year. However, since last year, more businesses are putting basic security measures in place, more large businesses and charities are training their staff and three-quarters of businesses say cyber security is a high priority for senior management.

For more information, read the full survey.

3. Updated Secure Connected Places playbook published

In March DSIT published the beta version of the Secure Connected Places Playbook. The guidance helps organisations deploy and manage their connected places (also known as smart cities) in a cyber secure way.

The Playbook comprises four cyber security resources covering governance, procurement and supply chain management, how to conduct a good threat analysis, and for the first time includes a resource on incident response.

The guidance set out in the resources has been developed to specifically highlight the nuanced approaches needed to secure connected places and their technologies.
The Secure Connected Places team welcomes any feedback on the playbook, and can be contacted at: secureconnectedplaces@dsit.gov.uk

4. Cyber Security Longitudinal Survey published

The third year of DSIT’s Cyber Security Longitudinal Survey (CSLS) was published on 20 March 2024. The study tracks the same organisations over time, looking at the cyber security of medium and large businesses, and high-income charities.

Key findings include: 

1. While some organisations improved their resilience over two years, many remained stable or invested less heavily in cyber security.
2. Organisations with stronger resilience adopt certifications/standards more than those with lower resilience.
3. Improved board engagement is more evident among organisations with lower initial cyber resilience. 

The report raises important questions regarding the factors impacting these variations. An additional year of the CSLS has been commissioned to gain further understanding.
The Cyber Security Breaches Survey 2024 will be published on 9 April. It provides representative statistics on the cyber security approaches amongst UK businesses and charities of all sizes, and educational institutions.

5. Viscount Camrose visits Belfast on 7 March for NI Cyber Week

Viscount Camrose visited Belfast on 7 March to take part in events to mark the inaugural CyberNI week. As part of the visit, the Minister headed to the Centre for Secure Information Technologies (CSIT) at Queen’s University Belfast to hear about the Cyber AI Hub programme.

This programme is supported by £11 million of UK Government funding through the New Deal for Northern Ireland. He also visited BT’s Security Operations Centre and meet with the NI Cyber Security Centre, hearing more about the critical work done by public-private partnerships to bolster cyber security awareness across the region.

The Minister rounded off his visit by taking part in a Capture the Flag-style event hosted by Vertical Structure and Instil. CyberNI week included a total 38 events engaging partners across academia, industry, government, charities and the public, with over 2,000 delegates attending in person or joining virtual events.

6. CyberASAP Demo Day showcases new innovations

The Minister for AI and Intellectual Property, Viscount Camrose, gave a Keynote Speech at the CyberASAP ‘Demo Day’ on 14 March at Level39 in Canary Wharf, at which academic teams from UK-wide universities graduated from the 12-month programme.
The Cyber Security Academic Startup Accelerator Programme (CyberASAP) is delivered by InnovateUK and supports academics looking to commercialise their cyber security research. The Demo Day is the chance for the CyberASAP graduates to pitch their idea and demonstrate their proof of concept to industry experts, potential customers and investors.

The Minister met CyberASAP Alumni and current graduates to discuss how their technological innovations will shape our future digital resilience, safeguard critical infrastructure and protect data. Notable alumni include MindGard from Lancaster University, who provide security for AI, GenAI and Large Language Models, and CAPSLOCK from University of Bradford, who educate people ready for jobs in the cyber security industry.

Currently in its 7th year, CyberASAP has led to the creation of 30 new cyber companies which have collectively raised over £23 million in further investment. To find out more visit the CyberASAP website.

7. New companies graduate from Cyber Runway programme

In February the graduation event for Cyber Runway, the DSIT-funded business accelerator for UK cyber businesses, was held at Plexal in London. The event brought together members from across the four streams of the programme for a day of talks, panel discussions and networking. Some of the companies also launched their programmes at the event.

Minister Camrose provided a keynote speech and met some of the companies graduating the programme. Jamie Bartlett, the man behind The Missing Cryptoqueen podcast and author of The Dark Net and The People Vs Tech also gave a presentation on his investigation into Ruja Ignatova, who earned a place on the official FBI Ten Most Wanted Fugitives list for founding OneCoin, “a purported cryptocurrency… believed to have defrauded victims out of more than $4 billion.”

Applications for next year’s cohort of Cyber Runway will open in May. Companies can submit an express of interest here.

8. Find out more about cyber security professional titles

The UK Cyber Security Council now awards professional titles (including Chartership) for the cyber security profession. As an organisation which has been granted Royal Chartered status, the Council is now the authority that sets professional standards for the profession.

The new titles will enable individuals to prove their skills and enhance their employment prospects, whilst employers will gain assurance on the knowledge and competence of their staff.

The Council has created professional titles for various specialisms identified within the field. To date professional titles have been developed for four specialisms and launched through two bodies – CIISec and the Cyber Scheme. CIISec offers Governance and Risk Management, Audit and Assurance and Secure System Architecture and Design. The Cyber Scheme offers Security Testing.

Find out more on the UK Cyber Security Council website.