DSIT cyber security newsletter - March 2026
Published 12 March 2026
© Crown copyright 2026
This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.
Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.
This publication is available at https://www.gov.uk/government/publications/dsit-cyber-security-newsletter-march-2026/dsit-cyber-security-newsletter-march-2026
1. Summary
The start of 2026 has been exceptionally busy on cyber security, with significant developments across policy, legislation and support for businesses and the wider ecosystem. This edition of our newsletter brings together some important updates from the past few months and highlights what the government is doing for organisations across the UK.
Parliament continues to scrutinise the Cyber Security and Resilience Bill as it moves through its stages, promising a major step forward in strengthening the UK’s cyber defences. Alongside this, we have launched the new £27 million TechLocal skills scheme, opening up fresh opportunities for local partnerships to grow cyber, AI and digital skills and connect people to high‑value tech jobs across the country.
At the same time, the cyber threat remains high. Our new longitudinal research shows that cyber incidents continue to affect a large proportion of UK organisations, underlining the importance of sustained action. Recent guidance from the NCSC, including advice linked to the conflict in the Middle East, reinforces the need for organisations to stay vigilant and review their cyber security posture.
Whether through schemes like Cyber Essentials, improving incident readiness, or investing in skills, continued action to strengthen cyber resilience is vital. We are grateful to all our stakeholders for their ongoing support, collaboration and commitment to keeping the UK secure online.
2. £27 million TechLocal skills scheme open for bids
The government has launched a new £27 million TechLocal scheme to improve skills across the UK’s digital sectors and help grow the economy. TechLocal will fund local partnerships to help people develop the skills needed for jobs in fast-growing technology sectors such as cyber security, artificial intelligence and quantum computing.
The scheme is currently open for bids, with two grant programmes to connect local talent to local tech jobs, and to develop degree courses, graduate traineeships and work experience opportunities in AI. To find out more and apply, visit the TechLocal page. Applications close on 18th March 2026.
TechLocal was launched on 28 January 2026 as part of the government’s announcement on improving AI skills, with free AI training offered to all UK adults.
3. NCSC advises UK organisations to take action following conflict in the Middle East
In response to the evolving events in the Middle East, the NCSC is advising UK organisations to review their cyber security posture. The alert explains that while there is likely no current significant change in the direct cyber threat from Iran to the UK, there is almost certainly a heightened risk of indirect cyber threat for those organisations and entities which have a presence, or supply chains, in the Middle East.
For more information and guidance on actions to take, see the alert on the NCSC website.
4. Cyber Security and Resilience Bill completes Public Bill Committee
The government announced tough new laws to strengthen the UK’s defences against cyber attacks on NHS, transport and energy back in November. The Cyber Security and Resilience Bill had its Commons Second Reading on 6 January 2026 when MPs debated the content of the Bill. You can read the debate here.
Public Bill Committee took place in February where MPs heard from expert witnesses on their views on the Bill and then scrutinised the Bill line by line. You can see details on the committee stage here. Committee stage has now concluded and the Bill will move to Report Stage when Parliamentary time allows.
For more information on the Bill’s progress, visit the Parliament website. Updated factsheets on the Bill are also available.
5. New government campaign urges SMEs to adopt Cyber Essentials
Business owners are being urged to “lock the door” on cyber criminals as the government launches a new campaign to provide practical ways for organisations to protect themselves from common online threats. The joint DSIT/NCSC campaign encourages SMEs to adopt the government’s Cyber Essentials scheme which sets out clear practical steps they can take to protect themselves from common cyber attacks. This includes keeping software up to date and controlling who has access to accounts and data to immediately boost their cyber resilience. Many cyber incidents exploit these basic weaknesses, which Cyber Essentials is designed to protect against.
Businesses can also access support including the Cyber Essentials Readiness Tool (an online self‑assessment to identify gaps) and free 30‑minute consultations with NCSC‑assured cyber advisors to help SMEs prepare for Cyber Essentials certification.
Full details on the campaign launch can be found here, with more information on the Cyber Essentials website. If you would like to receive a campaign asset pack containing images and videis to share with your customers and networks, please email the DSIT cyber security team.
An image from the Cyber Essentials campaign.
6. New cyber survey shows good industry progress but widespread threat remains
New research published on 17 February reveals the scale of the cyber threat facing UK businesses. The wave five results of the government’s Cyber Security Longitudinal Survey show 82% of medium and large businesses suffered a cyber incident in the past year.
More organisations are recognising the benefits of taking action. Adoption of Cyber Essentials among larger companies has risen from 23% to 30%, reflecting a growing understanding of the need for basic cyber protections. The survey also details how organisations are changing their behaviours in terms of incident response, and what cyber security policies and procedures they in place. See the full survey results on gov.uk.
7. Cyber security minister urges Northern Ireland businesses to boost their cyber defences during Belfast visit
Cyber Security Minister Liz Lloyd visited Belfast on 16 and 17 February to champion Northern Ireland’s £250 million cyber sector and call on local businesses to ramp up their cyber defences.
During her visit, the minister met leaders at the NI Cyber Cluster and Queen’s University Belfast’s Centre for Secure Information Technologies to discuss the UK Government-funded Cyber AI Hub programme. She also spoke to Cherton Secure, a veteran-owned risk management consultancy now certified under Cyber Essentials.
Baroness Lloyd said “Belfast’s cyber sector is world-class - home to thousands of high-skilled jobs and delivering over a quarter of a billion pounds in direct economic value. The talent and innovation here are helping to keep the UK secure online and creating excellent careers in Northern Ireland.
“But no business is off the radar from cyber criminals. Too many small firms still think attackers only go after big brands, but every business needs the basics in place. Cyber Essentials is the simplest way to do that - and there is local support here in Northern Ireland to help you get started.”
Minister Lloyd meets colleagues in Belfast.
8. More cyber startups graduate from DSIT’s CyberASAP programme
The CyberASAP Demo Day took place on 25 February in Canary Wharf marking the conclusion of the Year 9 cohort’s year‑long programme. The CyberASAP programme, which is funded by DSIT and delivered by Innovate UK, culminates with a daylong showcase of CyberASAP alumni and pitches from the most recent cohort. The event featured a keynote from the Minister for Digital Economy, Minister Lloyd, who highlighted the programme’s contribution to UK cyber innovation and the importance of women participation in the Cyber security field.
The showcase featured 14 projects from this year’s finalists, each pitching their innovations to investors and industry representatives from stakeholders across the cyber security sector. The pitches demonstrated the breadth of technical development supported through CyberASAP and the programme’s role in strengthening early-stage UK cyber capability.
CyberASAP continues to generate measurable outcomes, including £8.89 million in annual GVA and the creation of 34 spin‑out companies, which have collectively raised £43.8 million. The CyberASAP Demo Day provided a clear view of the programme’s impact and the potential of the emerging technologies it supports.
Finalists from the 14 companies which took part in cohort nine of the CyberASAP programme.
9. Latest statistics show good progress on Cyber Essentials and Cyber Explorers
A record 55,995 Cyber Essentials certificates have been awarded to businesses and organisations in the past year, according to new statistics published by the government. The latest quarterly figures show 15,391 certificates were awarded in the last quarter (October –December 2025) with 11,383 at Cyber Essentials level and 4,008 at Cyber Essentials Plus.
New figures for Cyber Explorers also show good progress in delivering the government’s cyber skills scheme for teenagers. 142,036 learners, 4,762 teachers and 3,448 schools are now engaged with the scheme.
10. Government cuts cyber attack fix times by 84% and launches new profession to protect public services
Public services millions of people depend on – from the NHS to the Legal Aid Agency – are becoming significantly safer and more resilient thanks to major improvements by the government to identify and fix cyber threats. A specialist government monitoring service means serious security weaknesses in public sector websites are fixed 6 times faster – cutting the average time from nearly 2 months to just over a week.
Speaking at the annual Government Cyber Security and Digital Resilience conference, Digital Government Minister Ian Murray also launched the first-ever dedicated government Cyber Profession. This programme will recruit and train the top-tier cyber experts needed to keep public services safe. For more information, read the press notice.
11. New platform open for cyber business opportunities in Ukraine
UK cyber companies interested in delivering to the Ukrainian market can now explore opportunities using the new TM Platform. Launched by The Tallinn Mechanism (TM), an international initiative strengthening Ukraine’s civilian cyber capacity, the TM Platform provides up-to-date information and practical content focused on cooperation opportunities. Businesses can register for delivery opportunities in Ukraine and explore tenders and procurements, increase their visibility with donors and the Ukrainian private and public sectors, and get early access to relevant cyber opportunities in Ukraine.
Launched in 2023 and supported by 14 nation states including the UK, US, France and Germany, the Tallinn Mechanism helps strengthen Ukraine’s civilian cyber resilience through coordinated international support. Companies registering on the portal are vetted by the Ukrainian authorities against links to sanctioned entities.
For more information and to register your business, visit the new Ukraine TM Platform.
12. New publications, research and consultations
- Cyber security vulnerabilities of operational technologies (23 Dec 2025)
- Minister Lloyd cyber security speech at BIBA insurance conference (14 Jan 2026)
- Minister Lloyd speech on software security and cyber resilience (15 Jan 2026)
- New NCSC cyber security guidance for operators of critical national infrastructure (28 Jan 2026)
- Evaluation of the NI Cyber AI Hub programme (11 March 2026)
For further information, visit the government’s cyber security page on gov.uk.