Policy paper

DSIT cyber security newsletter - June 2025

Published 30 June 2025

© Crown copyright 2025

This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.

Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.

This publication is available at https://www.gov.uk/government/publications/dsit-cyber-security-newsletter-june-2025/dsit-cyber-security-newsletter-june-2025

1. Director’s message 

Cyber security has very much been at the top of the news agenda since our last newsletter.  In part, that’s been because of the continued threats we face, with the attacks on Marks and Spencer and other major retailers having devastating impact.  Most positively, it has also been because of some of the work being done across the UK to boost our security and resilience. 

Earlier this month, for example, the Prime Minister launched TechFirst, a new £187m scheme to improve tech and cyber skills in young people, based on the successful CyberFirst programme. And last month, the Chancellor of the Duchy of Lancaster, Pat McFadden, headlined CyberUK in Manchester, announcing a cyber growth review and a refresh of our national cyber strategy.  Cyber security featured strongly in the National Security Strategy and the Industrial Strategy, both published in the past week. 

And that’s not all!  We’ve also published a new code of practice on software security, launched a consultation on enterprise IoT devices, and made further progress on developing the forthcoming Cyber Security and Resilience Bill

I hope you will find this newsletter useful, and that you are able to read it in a somewhat cooler room than I find myself in writing this introduction!  

Rod Latham

Director, Cyber Security and Digital Identity 

2. New £187m TechFirst scheme will train one million young people   

The Prime Minister launched a national skills drive on 8 June to unlock opportunities for young people in tech. Pupils across the country will be given skills in AI, cyber security, and computer science to help get the tech-powered jobs of the future. The new £187 million programme will give one million secondary school students a chance to learn and develop their skills, while over 7 million UK workers will gain essential AI skills through a partnership with major tech players including NVIDIA, Google and Microsoft. Within days of that announcement, Secretary of State Peter Kyle kicked the partnership into action as he chaired its first meeting. 

The TechFirst online platform builds on CyberFirst’s Explorers programme which has 100,000 students registered already. In each of the UK’s regions and nations, a local delivery partner will be selected by DSIT to run the programme and deliver activities to schools and colleges in local areas.  

Read the TechFirst press notice for more information. 

3. New plans and funding to supercharge UK cyber sector 

The UK’s growing cyber security sector is set to be boosted by up to £16 million in new investment as the government launched a new Cyber Growth Action Plan. Up to £10 million in additional funding will be invested in the CyberASAP programme over the next 4 years to support the UK’s cutting edge academic cyber sector to turn their research into commercial companies. To build on the work of the government’s current cyber accelerator Cyber Runway, up to £6 million will be also allocated to support cyber startups and SMEs - helping firms scale, access new markets through trade missions, and strengthen the UK’s wider cyber ecosystem. 

The Cyber Growth Action Plan will be led by independent experts at University of Bristol and Imperial College London’s Centre for Sectoral Economic Performance. The Plan will examine the strengths of the UK’s cyber sector and provide a roadmap for its future growth. This will culminate with a set of recommendations later this summer for government to identify next steps. 

Read the press notice for more information. 

4. CyberUK showcases DSIT work on cyber security  

The NCSC’s CyberUK event in Manchester in May provided an opportunity to announce and promote a wide range of DSIT and government work on cyber security. A speech by Cabinet Office Cyber Minister Pat McFadden highlighted the strength of the cyber security sector in the north west and announced a new national cyber strategy would be published by the end of the year. DSIT cyber minister Feryal Clark spoke at the CyberFirst dinner to celebrate the success of CyberFirst learners and the industry supporters who provide work placements. 

Read the press notice for more information.  

5. Investment in CHERI technology to build resilience to cyber attacks 

New funding for CHERI technology was also announced at CyberUK. To help inoculate businesses against cyber attacks, the government will drive investment into CHERI, a ‘magic chip’ that builds advanced memory protections in microprocessors, blocking up to 70 per cent of common cyber attacks.

This year DSIT will be investing £6 million to help firms bring these chips to market, find customers and break down barriers to adoption. Since CyberUK, further funding has been announced for CHERI via the digital sector plan in government’s new industrial strategy, bringing an initial investment of £24 million over the next four years. 

6. Mindgard win the CyberUK Innovation Zone competition  

DSIT hosted an innovation zone at CyberUK which showcased 12 up and coming UK cyber firms with new and innovate ideas. A ‘dragons den’ style pitching competition was held to give conference attendees an idea of the capabilities on display, with cyber AI firm Mindgard coming out as winners of the ‘most innovative cyber SME’ award.   

7. New code of practice to improve software security 

Also announced at CyberUK was a new Software Security Code of Practice to help organisations take the measures they need to embed security and resilience. The Code sets out essential steps every organisation developing or selling software should be taking to secure their products and reduce the likelihood and impact of software supply chain attacks and other software resilience incidents. Often, these kinds of attacks and disruptions are caused by avoidable weaknesses in software development and maintenance practices.  

The Code addresses those issues, having been co-designed with technical experts from the National Cyber Security Centre (NCSC) and industry.  

For organisations using the Code, the government has launched an evaluation survey for users to provide feedback. The survey is open until December 2026. 

8. AI Cyber Security Code of Practice is turned into a global standard 

The government’s AI Cyber Security Code of Practice published in January 2025 is set to be used by businesses and governments around the world. The UK Code has informed the newly developed a global standard by the European Telecommunications Standards Institute. Technical Specification (TS) 104 223 sets out baseline steps organisations in all countries should follow to secure AI models and systems. Work is now underway to evolve this Technical Specification into a comprehensive European Standard, aimed for completion by the end of 2025.  

The world-first standard is supported by complimentary implementation guidance to support stakeholders across the AI supply chain in implementing it. The standard was developed by ETSI’s Technical Committee on Securing Artificial Intelligence, with support from DSIT and NCSC. 

9. Respond to the call for views on enterprise connected device security 

The government is seeking your views on the cyber security of connected devices (or ‘IoT’ devices) used in the workplace. Connected devices used by businesses and organisations - such as office printers, internet-connected telephones, building entry systems and room booking systems – are known to be vulnerable to range of security issues and can provide a route for hostile actors to attack IT systems used by businesses.  

The government has published new research setting out security vulnerabilities in a range of connected devices commonly-used by businesses and is now asking for views on proposals to tackle the issue.  

Anyone can respond to the call for views, which is open until 7 July 2025. 

10. News in brief 

  • Have you got what it takes to be a cyber advisor? The NCSC are looking for cyber security professionals to join the Cyber Advisor scheme as consultants and provide hands-on security advice tailored for SMEs. Find out how to get involved by reading the NCSC blog.   

  • New statistics show a record 13,337 Cyber Essentials certificates were awarded to organisations in the last quarter, bringing the total for the past year to nearly 50,000. Around 225,000 certificates have been awarded since launch, meaning many more businesses are now protected by the highly effective scheme which reduces the likelihood of a cyber insurance claim by 92%. 

  • The government’s new industrial strategy was published on 23 June setting out five key sectors with potential for strong economic growth. It includes a digital and technologies sector plan which highlights cyber security and sets out new funding for Cyber Runway, CyberASAP and CHERI.  Further sector plans will be announced later in the year.   

  • The new national security strategy was presented to Parliament on 24 June with the government promising to spend 5% of GDP on national security by 2035. The strategy highlights the key link between cyber security, economic security and national security, while making clear the requirement for the public and businesses to continue adopting good cyber security practices.

Back to top