Policy paper

DSIT cyber security newsletter - May 2023

Published 4 May 2023

1. Director’s message

Last month I attended CyberUK, the UK government’s flagship cyber security event, in Belfast. Our team once again sponsored the Innovation Zone, where eleven start-ups from our Cyber Runway and CyberASAP programmes were exhibiting, as well as taking part in the popular Cyber Den. The Cyber Den competition gave these companies the opportunity to present their innovative cyber products in front of a panel of judges with the chance to win a package of support from the NCSC. Congratulations to Itus Secure Technologies who were crowned the winners this year for their product Cybrisc. It was also announced that CyberUK will be in Birmingham next year. I hope to see many of you there! 

To coincide with CyberUK, DSIT published this year’s Cyber Security Breaches Survey and Cyber Security Sectoral Analysis. These important publications provide key evidence on the current state of UK cyber security and inform our policy making within the National Cyber Strategy. It’s encouraging to see the continued growth of the sector, particularly with a 10% increase in employment compared to last year. However, as the breaches survey highlights, the cyber threat remains widespread and there is still much for us to do to tackle the decrease in prioritisation of cyber security, particularly among smaller organisations.

Finally, last week it was announced that the UK’s consumer connectable product security regime will come into effect on 29 April 2024. This will ensure consumers and businesses will benefit from world-leading security protections from the threat of cyber crime, which includes banning the use of universal and easily guessable default passwords on consumer connectable products, as well as the requirement for manufacturers to publish contact information enabling vulnerabilities relating to their devices to be reported to them.

Erika Lewis

Director, Cyber Security and Digital Identity

2. New Cyber Security Breaches Survey highlights scale of UK cyber threat

DSIT has published the Cyber Security Breaches Survey 2023. This is a research study of UK cyber resilience which provides key evidence to inform policy making and contribute towards the current National Cyber Strategy. Fieldwork was conducted from September 2022 to January 2023 and explores the policies, processes and approach to cyber security by businesses, charities and education institutions. Key findings include:

  • The identification of cyber breaches and attacks has declined over the past year
  • This year has seen a decrease in the prioritisation of cyber security for UK organisations
  • The average cost of the single most disruptive breach in the last 12 months, for businesses that identify material outcomes, is estimated to be £3,770
  • For the first time, the majority of large businesses (55%) are reviewing supply chain risks.

3. Cyber Security Sectoral Analysis shows increased growth and employment

DSIT has published the 2023 Cyber Security Sectoral Analysis. The report contains an overview of the UK cyber security sector, including the number of businesses, the sector’s contribution to the UK economy, the number of people employed and the products and services offered by these firms. Key findings include:

  • 1,979 UK cyber security firms (up from 1,838 last year)
  • 58,005 full time equivalent cyber security jobs (+10% from last year, an increase of 5,300 jobs)
  • £10.5 billion revenue (+3% from last year)
  • £302 million investment raised across 76 deals.

The analysis also includes a regional breakdown of the UK cyber sector and qualitative interviews with businesses and investors.

4. Starting gun fired on preparations for new IoT product security regime

Last week the government announced the UK’s new consumer connectable product security laws will come into effect on 29 April 2024. Once the Product Security and Telecommunications Infrastructure regime is in operation, consumers and businesses will benefit from world-leading security protections from the threat of cyber crime. This includes:

  • Universal and easily guessable default passwords will be banned on consumer connectable products - meaning UK customers will enjoy additional protections from their products being compromised by hackers, and used to launch cyber attacks
  • Device manufacturers will have to publish contact information enabling vulnerabilities relating to their devices to be reported to them
  • Manufacturers will have to be transparent about how long their products will receive security updates for - providing security-conscious consumers with standardised security information to inform their purchasing decisions.

5. Applications open for Digital Growth Grant to boost small and growing tech firms

Applications are now open for some of the programmes being delivered under the government’s £12 million Digital Growth Grant. The programmes - delivered by Barclays Eagle Labs - include a scaleup programme, a funding readiness programme and the ecosystem partnership programme. You can find more information about the programme activities on the Digital Growth Grant website and in this summary.

The Digital Growth Grant is designed to boost small and scaling tech businesses in all corners of the UK. This grant builds on more than £42.2 million invested by the government to support tech start-ups and scale-ups since 2016. Combined investment from Eagle Labs and the government will increase support for the tech sector so more than 22,000 businesses can benefit, with at least 80 per cent based outside London.

6. New Cyber Explorers lesson plans launched

Cyber Explorers has recently announced the addition of new tailor-made lesson plans where teachers can slot Cyber Explorers straight into their classroom activities. Designed for a 50-minute lesson, the lesson plans provide discussion topics, guidance for the applicable challenge or mission on the platform, learning objectives and activities. There is also an exciting new addition of Kahoot! quizzes for extra fun cyber security learning.

7. DSIT Cyber Growth and Innovation Forum: Leeds, 12 June

On 12 June, DSIT will be hosting a Cyber Growth and Innovation Forum in Leeds to discuss the challenges facing the UK cyber sector and how the government can help support companies to grow and thrive. The session will cover a range of topics, including investment and procurement, and offer a chance for industry to engage with DSIT policy makers.

The event follows a successful Forum in Bristol earlier in the year that was attended by nearly 50 colleagues from across the cyber ecosystem. If you want to have your say and shape the future of cyber, then please email cyberforums@stillcurious.co to attend.

8. CyberFirst Ambassador Recruitment Event: Bristol, 16 May

CyberFirst is holding an ambassador recruitment event at Engine Shed in Bristol on Tuesday 16th May. The event is aimed at anyone in the cyber security sector interested in supporting the education and training of our next generation of cyber security specialists. Anyone keen to work with schools and training providers is welcome to come along. The evening promises to be a great networking opportunity for cyber specialists and computer science teachers alike. For the event or the ambassador programme, please email chris@techspark.co.

9. Register to attend UK Cyber Security Council events

The UK Cyber Security Council is hosting a number of events over the coming months, with two in May. These events include three T Level workshops, where employers, providers and students will discuss the significant opportunities T Levels have brought them and some of the challenges facing the cyber security industry, as well as a Breakfast Briefing on diversity, which will explore the themes discussed in the UKCSC’s recent paper - The Diversity Process Flow: Ethnic Minorities in Cyber.

  • London T Level Workshop - 17 May
  • Breakfast Briefing: Diversity - 25 May
  • Birmingham T Level Workshop - 5 July
  • Manchester T Level Workshop - 20 September

10. Government launches GovAssure to bolster cyber resilience

At CyberUK, the government announced it has launched a new scheme, GovAssure, to increase the UK’s cyber resilience and protect the UK government’s essential IT functions from ever growing threats. Under the new rules, all central government departments will have their cyber health reviewed annually through new, more robust criteria. GovAssure will be run by the Cabinet Office’s Government Security Group (GSG), with input from the National Cyber Security Centre (NCSC).

GovAssure introduces a number of changes in the way government protects itself from cyber threats, including: using NCSC’s Cyber Assessment Framework to review the assurance measures all government departments have; the assessment of departments by third parties to increase standardisation; and centralised cyber security policy and guidance.