Open call for evidence

Inspiring and equipping future talent: scaling impact of the CyberFirst programme

Updated 24 May 2024

© Crown copyright 2024

This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.

Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.

This publication is available at https://www.gov.uk/government/calls-for-evidence/call-for-views-on-the-cyberfirst-programme/inspiring-and-equipping-future-talent-scaling-impact-of-the-cyberfirst-programme

Foreword

Viscount Camrose, Minister for AI and Intellectual Property.

The UK Science and Technology Framework set out the UK’s ambition to become a science and technology superpower by 2030. Science and technology are a key part of government ambitions to foster an environment where innovation can flourish.   

In order to realise these ambitions, we need to create an agile and responsive skills system which delivers the talent needed to support a world-class workforce in STEM sectors. This can only be achieved by inspiring young people, expanding their ambitions for the future, and supporting them to develop the right skills. 

A core part of this ambition is delivered through the CyberFirst programme, delivered by the National Cyber Security Centre (NCSC) as part of the UK’s £2.6 billion National Cyber Strategy. CyberFirst has had great success in inspiring young people to consider a career in technology, starting out as a bursary scheme and now boasting a full programme of events, activities, and courses to build interest in cyber security at every age. Since 2016, the programme has reached over 260,000 students in 2,500 schools across the UK. 

Computer science is a key subject, alongside mathematics and the traditional sciences, that will develop a UK workforce that is fit for a science and technology superpower. The CyberFirst programme is increasingly changing perceptions of computer science in schools, with engaged schools seeing a 35% increase in the uptake of A Level Computer Science between 2022 and 2023. This is more than double the national average. The number of students studying computer science is slowly increasing (there was a 12% increase in uptake between 2022 and 2023), however, computer science still has the lowest uptake of any science subject in schools. More work is needed to change perceptions and inspire young people of all backgrounds, across the UK, to consider the opportunities that computer science and a career in technology offers.   

The CyberFirst programme can be a key driver of this change. It is an exemplar of a government and industry backed programme which has boosted the number of people working in technology - specifically cyber security - and increased interest in computer science. The programme has also had great success in building a diverse audience - the CyberFirst Girls competition, for example, has reached over 69,000 year 8 girls and helped break stereotypes around women in computing.  

We are now at a crucial point of setting our ambition to scale this programme further, reaching more and more young people across the country. This needs to inspire and support more of our students to enter not only cyber security but critical and high growth areas such as AI, telecoms and quantum computing. Scale can only be realised in partnership with industry and the wider technology ecosystem.  

I am committed to making sure together we build on the success of CyberFirst and boost the opportunities available to all young people across the UK. I look forward to receiving your responses. 

Viscount Camrose  

Parliamentary Under Secretary of State and Minister for AI and Intellectual Property, Department for Science, Innovation and Technology  

1. Introduction

The CyberFirst programme was established in 2015, as part of the National Cyber Security Strategy, to identify and nurture exceptional young talent from across the UK that could fill the growing skills shortage in cyber security. It was designed to support these individuals into an undergraduate degree bursary scheme that would lead to employment opportunities in cyber security across GCHQ and the National Cyber Security Centre (NCSC).  

The programme was so successful that more activities were added to target younger ages and develop a pipeline of talent into the bursary scheme. This included courses, competitions, an online platform and recognition of proactive schools and colleges which offer excellent cyber security and computing education. The programme is now used as a recruitment tool by many private sector companies. 

These activities have been enabled by the support of over 250 industry, government, education, and academic partners who are committed to support young people into cyber security careers. The programme is delivered and amplified through eight regional partners so that it can best meet local need. This regional reach allows students from the most deprived areas of the UK to access and benefit from CyberFirst opportunities and learning. Programme participants show an increased interest in cyber security careers, with many entering a career in cyber security or pursuing computing qualifications. Over 87% of bursary students that have graduated to date have been employed in the cyber workforce in government as well as the private sector. Industry partners increasingly see CyberFirst as a key part of their recruitment strategy. We know there is opportunity to grow this further with industry and government placement offers from members outstripping the supply of students. 

The CyberFirst programme has shown success in developing a high calibre pipeline of talent for the cyber security sector. The programme’s extensive network of industry partners is testament to this. However, skills shortages are not unique to the cyber sector. The CyberFirst programme has developed the building blocks for a cohesive extracurricular programme which builds young peoples’ interest in technology. If the programme could be grown to areas beyond cyber security, its impact could be hugely expanded.  

CyberFirst has been created and developed by government as a high quality, NCSC assured, offering for young people. The programme is now established, but a new approach is needed to ensure the programme can successfully scale and maximise the available opportunities. To achieve this the programme needs to draw more on non-government partners and increase industry buy in. As such, we envisage the programme existing in a different form in future and are gathering views on what form it should take and how government and industry could best work together to support CyberFirst. Early engagement, with industry, academic and civil society partners has been instrumental in developing this proposal and has shown wide support in ensuring the programme continues to scale and grow.  

The specific aims for the Call for Views are to: 

  • Seek views on the future direction of CyberFirst 
  • Seek views on the creation of a new alternatively-led organisation to take over CyberFirst delivery and achieve scale 
  • Seek views on continuing role of government to support scaled and sustained delivery. 

Who is this call for views for?

We are keen for as broad a range of interested parties as possible to engage with and respond to the call for views. This includes, but is not limited to: 

  • Existing CyberFirst Industry and delivery partners and those who have provided sponsorship to the current programme 
  • Professional bodies and any other organisations with an interest in scaling the STEM/computing skills pipeline in the UK 
  • Education agencies of the four Nations 
  • Teachers and educators with an interest in increasing STEM/Computing skills for students  
  • Students and recent graduates who are thinking about cyber, AI, quantum, data and other technology careers   
  • Parents and guardians who are interested in extracurricular offerings to support STEM/Computing Skills 
  • CyberFirst alumni who have engaged with the programme previously 
  • Industry who are engaged in activities to promote STEM/Computing skills 
  • Charities, social enterprise organisations and non-profit organisations who support students to develop STEM/Computing Skills  
  • Individuals who aspire to work in cyber, AI, quantum and data in the UK  
  • Academia 

Issue date: The call for views was issued 15 May 2024. 

Deadline: The call for views closes at 23:59 on Friday 9 August 2024. 

How to respond

To help us analyse the responses, please use the survey link to respond. In each section of the survey, there is a summary of the corresponding part of this document which represents the full call for views document.  

Enquiries

For questions on how to engage with the consultation process, you can contact the team on: cyberfirstviews@dsit.gov.uk. Responses to the consultation or about the substance of the policy should be submitted through the online survey. We will not consider correspondence sent to the cyberfirstviews@dsit.gov.uk inbox as a response to the consultation.  

Other ways to respond

If for exceptional reasons, you are unable to use the online system, for example because you use specialist accessibility software that is not compatible with the system, please request a word document version of the form by emailing cyberfirstviews@dsit.gov.uk and send it back to the same address, or post it FAO Cyber Skills team, CyberFirst Call for Views, Cyber Security, DSIT, 100 Parliament Street, SW1P 2BQ. 

Additional copies

Additional copies are available electronically and can be downloaded from GOV.UK. 

Next steps

The government’s response is likely to be published on GOV.UK in Summer 2024. 

2. CyberFirst: offerings and impact

The CyberFirst Programme is made up of a range of initiatives that help young people develop the skills and experience needed to enter a cyber security career. These are primarily delivered by the National Cyber Security Centre (NCSC) and the Department for Science, Innovation and Technology (DSIT). The approximate annual cost of delivering the current CyberFirst portfolio is £10 million and is made up of the following initiatives: 

Programme Details
Undergraduate Bursary Programme  Provides financial assistance to students during their undergraduate degree alongside industry placements and participation in a summer cyber academy programme. 
Regional Ecosystem Partners and Hubs Eight partners deliver local CyberFirst courses and inspiration days in partnership with local industry and academia. This also includes CyberFirst Schools and Colleges, which act as a hub to help improve the local educational offerings to more young people.
The CyberFirst Girls Competition National competition for girls aged 12-13 year old to test and develop their knowledge and skills through tackling cyber challenges.
CyberFirst Courses Range of extracurricular short courses developed for 11-17 year olds and delivered over selected points throughout the calendar year, including summer courses.
Cyber Explorers Interactive and gamified educational content for 11-14 year olds delivered on a free online platform, supporting teaching inside and outside the classroom.

1. Undergraduate Bursary Programme  

Summary 

This programme offers a comprehensive package of financial assistance and training to help kick start a career in cyber security. It includes:  

  • An annual bursary of £4000 for each year of degree study in any undergraduate degree.  
  • Free summer training academy in year 1 to accelerate development of cyber security and computing skills. 
  • Paid summer work experience placements in year 2 with GCHQ, NCSC and 30 government departments, as well as over 180 industry members. 

Students go through a rigorous application process where they are tested primarily on aptitude and interest in computing. The programme allows students to study any discipline and has attracted undergraduates in subjects as wide ranging as the Humanities, Economics and Law as well as more technical-focused subjects, such as Computer Science and Cyber Security. 

Successes and opportunities 

Since the launch of the programme there have been 1,280 bursary students. Interest in the scheme has increased year-on-year with 1,800 applications for 100 places in the last academic year, demonstrating high demand from students. The diversity of successful applicants has grown. Successful female applicants rose from 17% in 2016 to 37% in 2023. Additionally, the percentage of successful applicants from ethnic minority backgrounds rose from 14% in 2016 to 20% in 2023. 

The percentage of students joining the bursary scheme that have attended a previous CyberFirst event has steadily increased each year from 5.6% to 48% in 2023, demonstrating the successful pull through from earlier CyberFirst activities. This shows us that the pipeline being established does increasingly bring high-performing and diverse young people towards the bursaries scheme, showing the value of the end-to-end range of offerings. 

The bursary scheme has a proven track record of attracting students with the right aptitude and skill set to succeed. The number of industry placements offered last academic year outstripped the number of students on the programme, demonstrating strong industry interest in the calibre of students in the programme. Of the 736 bursary students who have graduated to date, 642 (87%) have been employed in cyber security, with the vast majority working in industry. There is a network of over 200 employers who offer work placements to or hire students from CyberFirst. 

Industry feedback  

We’re very impressed by the quality and diversity of candidates that we get from CyberFirst. We’ve always had technically skilled and highly engaged students come to us for the summer. We’re increasing from 2 to 3 placements this year because the candidates were so good we didn’t want to miss the opportunity to work with them. - FoundryZero 

The CyberFirst Bursary Scheme is invaluable to our early career’s cyber strategy here at BT Business. The scheme works seamlessly in identifying high potential students for our summer placement scheme and is also well aligned to our diverse ambitions. Student feedback confirms the inclusivity at BT during their placement was a big factor in accepting a permanent role. This is a relationship we really value and are keen to continually develop. - BT

IBM have found the summer placement scheme to be a great way of exposing bursary students to a range of cybersecurity and software engineering work opportunities over the course of their degree. In general, we have been very impressed with the students who have taken up placements with IBM in terms of both their capability and their attitude to work. Over the past 2 years we have been so impressed with these students that we have made offers to all of the students we have placed who are entering their final year of their university course with an acceptance rate of 80%. - IBM

I would say that the Bursary Scheme is a really positive programme that helps smaller organisations like CyberScale access talented students that we may not have come into contact within our day to day. - CyberScale 

Student feedback 

I found the bursary particularly attractive in that it allowed me to go to university. I was thinking of applying after my A Levels, but I knew that with my circumstances I wouldn’t be able to get by on my student loan alone. The financial support has been really helpful, in that sense. I’m learning so much too, on a practical level.  

Right now, in my summer placement, I’m working on a research project on active hacker groups. It’s about building awareness of existing threats. Then, when the business talks to customers about the risks in their sector, we can give them bite-sized, concise information on active hacker groups in their specific industry. It’s really interesting work. - CyberFirst bursary student 

You’re surrounded by people who are experts in security, So, if you don’t feel 100% confident in the area, then I’d definitely say you’ll feel more knowledgeable even after just one summer placement. Your academy instructors or your placement colleagues will be so good at explaining things to you. I’ve discovered that the roles available in both the public and the private sector are far reaching, and there really is something for everyone. There are paths from penetration testing, secure development, incident response to risk management, then there are sales, project management and recruitment roles. And that’s just to name a few. It’s just opened my eyes to the industry. - CyberFirst bursary student

Bursary Programme Summary Table: 

Cost in 23/24 Reach Impact Asset
£3.8 million 100 places available per year; 1,280 students since launch Social Value created: circa £5 million; Over 200 employers offering placements; 87% of graduates employed in cyber sector; Participants report improved cyber knowledge, skills and interest in cyber careers IP for student aptitude testing; C-Bay portal for student matching process; Active Alumni network

2.Regional ecosystem partners 

Summary 

Regional partners were appointed to drive the number of schools engaged with the CyberFirst programme. There are currently 8 partners covering the South West, North East, North West, West Midlands and Yorkshire and Humber in England, alongside partners in Scotland, Wales and Northern Ireland. Regional partners are responsible for the following objectives: 

  • Delivering CyberFirst activities in schools and colleges. 
  • Managing the CyberFirst School applications and continued growth of regional hubs.   
  • Driving strong relationships between CyberFirst schools, local industry, and universities.    

What is a CyberFirst School or College? 

The National Cyber Security Centre formally recognises schools and colleges which are committed to provide a structured approach to excellence in cyber and computing education. There are currently 129 CyberFirst Schools and Colleges in the UK. 

CyberFirst Schools and Colleges have opportunities to engage with local companies and universities who provide resources and expertise and also become a hub for local cyber activities.

What it means to be a CyberFirst School (video)

Successes and opportunities 

Since September last year, regional partners have facilitated the delivery of over 5,000 hours of industry volunteering, supporting over 250 CyberFirst activities to reach over 20,000 students. This has been made possible through a growing number of industry, education, and academic partners - over 200 to date - plus a growing number of CyberFirst ambassadors (of which there are currently 108).  

CyberFirst Ambassadors are professionals with a background in cyber or computer science who work with the regional partners to help champion CyberFirst activities with industry and support CyberFirst schools and colleges in their local area. 

Regional partners have started to secure additional investment from industry to scale activities even further. For example, in the North West, £360,000 has been raised from companies including KPMG, IBM, BT, QinetiQ, Roke and Northrop Grumman. For the north west region alone, these companies identified a social return on investment (SROI) of £2.55 against every £1 invested[footnote 1]. Employers choose to invest in CyberFirst for a number of reasons, including to identify and support future talent, to network and influence with government, local communities, academia, and other companies, and to support their corporate social responsibility objectives.  

Industry feedback 

The skills gap in technology and cyber in the North West is reflective of a global challenge and it’s widening. Supporting schools in achieving CyberFirst Schools and Colleges status is one way we can help to shift that balance. Every time we engage with a school, we know that can have a positive impact and every time I personally spend time in schools, talking to teachers and to students it’s the highlight of my week and my teams tell me the same. Investing money as well as time into this and working with IN4 [North West Regional Partner] has given us the incentive and the opportunities to be more effective and operate at a greater scale than we’ve ever done before in this area and that’s something we are very excited about. - CyberFirst industry partner, KPMG

Many companies complain about the quality and quantity of applicants for new roles. We are addressing this by encouraging young people to seek a career in this domain, overcoming where possible, any preconceptions or prejudices. Through this engagement, we hope that one day they will remember our company and want to work for us. - CyberFirst industry partner, Qinetiq 

.

School feedback 

Since gaining the Cyberfirst Bronze award we have used it to forge links with GCHQ Bude who have given cyber security workshops, attended the fantastic Cyber Horizons event at Truro College organised by Cyberfirst/NCSC in collaboration with the Police, Software Cornwall and several other organisations. We had several teams enter the CyberFirst girls competition this year and look forward to the next one. In short, we massively appreciate the opportunities being a CyberFirst school has bought to our pupils and look forward to continuing this partnership. - Brannel School

Gaining cyber college status will allow us to highlight our current work in this area to parents and future students but also create new links with industry partners to offer further experiences for our learners. Our students join us by wanting to work in cyber security, but will hopefully leave with an understanding of what is required, a skillset to begin that journey and knowing the next steps in their journey. - Winstanley College 

Our partnership with the NCSC and the CyberFirst programme affords our students unrivalled opportunities to learn about the varied cyber careers, and network with industry colleagues. As a result, they are enthused and inspired, which is having a positive impact on their learning. - SGS Berkeley Green UTC

Regional ecosystem partners summary table: 

Cost in 2023/24 Reach Impact Asset
Funding awarded to regional partners:  £1.6 million Over 19,000 students since September 2023; Regional partners working in 6 UK regions/nations (2 new regions in 24/25); 129 CyberFirst Schools and Colleges; Over 750 CyberFirst Activities Social Value created circa £10.6 million; Over 2,500 hours of industry volunteering; Gives schools access to content to complement and enhance curriculum and develop career education Local networks between CyberFirst industry partners, ambassadors and schools.

3.The CyberFirst Girls Competition 

Summary 

Only 17% of the UK cyber workforce is female[footnote 2]. Tackling this imbalance is a priority for many reasons, including that it is well established that a diverse workforce is a prerequisite to building an effective response to security threats. Only 21% of candidates for GCSE computing in England are female[footnote 3], yet female candidates on average perform better than male candidates. The CyberFirst programme recognises that more needs to be done in schools to address negative perceptions and barriers to participation. 

The CyberFirst Girls Competition was created to increase the number of young women having an interest in cyber security and technology, particularly as the diversity of participants in computer science GCSE and A level is poor. The competition is a team event, with each team consisting of up to four girls in Year 8 (England and Wales), S2 (Scotland) or Year 9 (Northern Ireland) who tackle challenges from cryptography to AI. The winners can claim prizes for themselves and their school.  

The competition currently takes place online, with student teams completing challenges on an online platform with supervision and support from a teacher. Winning teams for each category are then invited to a regional celebratory event, with engaging activities and a prize-giving. Employers often support by providing prizes and hosting competition events.  

Successes and opportunities 

Since its launch over 69,000 12-13 year old students have taken part. Many go on to attend CyberFirst courses or apply for the bursary scheme. The competition has had great success in driving up interest in cyber security and participating schools report increased interest in computer science qualifications more broadly. 

School feedback 

As a direct result of the competition, there is already a much greater interest in computing and cyber security from the girls (and boys!) in year 8. So, thank you to everyone who’s continuing to make this happen; it is genuinely having an impact on the interests, confidence, and knowledge of our students. - Educator

In all my years of teaching I have spent many hours trying to find a way to fight the societal biases that turn girls away from tech-related courses with only limited success. CyberFirst [Girls Competition] changed that. There is no barrier. Students love the ‘chasing the bad guy’ elements, and the puzzle-based approach makes it perfect for my high-end, intelligent students. Moving it [the competition] to Year 8, when students traditionally have ‘nothing to do’ led to the rapid expansion that we saw. This has led in turn to much better engagement in Y9, ever-increasing GCSE numbers and A level numbers which have doubled here over the period since CyberFirst first appeared on the scene. - Educator

Girls Competition Summary Table: 

Cost in 2023/24 Reach Impact Asset
£700,000 69,000 student participants since launch; In 2023 589 schools participated, with 155 schools participating in the finals Social Value created circa £7.9 million; Participants reported significant improvements to their cyber security knowledge and skills (76% reported poor cyber knowledge pre-competition; Post competition 87% reported good or very good knowledge); Participants reported significantly higher levels of interest in learning more about Computing qualifications e.g. GCSE computer science, SQA qualifications in Cyber Security IP for competition content and resources

4.CyberFirst Courses 

Summary 

CyberFirst courses are extra-curricular courses for children aged 11-17 which help build on young people’s existing technology skills and interests. They are designed to bring out every student’s potential with content to stretch the most capable, whilst also supporting those with little or no knowledge. Courses are delivered in a mixed format through various delivery partners, with some courses delivered in person and some virtually.  

CyberFirst courses

  • CyberFirst Trailblazers, a half day course for 12-13 year olds, aimed at encouraging students to consider studying Computer Science GCSE.
  • CyberFirst Adventurers, a half day course for 13-14 year olds, created to highlight the role of technology in the workplace and show the opportunities offered by studying Computer Science.
  • CyberFirst Investigators, a one-day course for 12-14 year olds, designed to increase understanding of the different specialisms within cyber security and equip student with valuable skills.
  • CyberFirst Defenders, gives 14-15 year olds practical skills around how to build and protect small networks and personal devices.
  • CyberFirst Futures helps 15-16 year olds explore advanced cyber security threats and discover ways to prevent them.
  • CyberFirst Advanced allows 16-17 year olds to hone the skills and behaviours needed to enter the cyber security and computing workplace.

Successes and opportunities 

Since 2016, CyberFirst courses, have reached over 24,000 students. They have successfully attracted students from a range of backgrounds. Over 43% of students attending the courses are female and over 40% are students from ethnic minority backgrounds. Participants have reported an increased interest in pursuing further study or a career in computing and/or cyber security.  

CyberFirst courses offer high quality content that supports students at different ages to pursue computing qualifications, build their cyber security knowledge and skills and learn more about technology career pathways. There are lots of opportunities to scale the reach of course content, including by expanding delivery through the CyberFirst regional partners or industry partners. 

In Scotland, for example, the regional partner (Education Scotland) is piloting a ‘train the trainer’ model to train teachers to deliver the Trailblazer course content within core curriculum time to support delivery of computing classes. This has the potential to increase the number of students able to take part in the courses.  

CyberFirst courses summary table: 

Cost in 2023/24 Reach Impact Asset
£1.5 million 24,000 students reached since 2016 Social Value created circa £5 million; 43% of students female and 40% from ethnic minority backgrounds; Participants report increased interest in pursuing further study or a career in computing and/or cyber security; Encourages students to take computing qualifications such as GCSE Computer Science; Increases participants cyber skills and knowledge IP for all courses

5.Cyber Explorers  

Cyber Explorers is a free, interactive learning platform available across UK secondary schools. It teaches 11–14 year olds how digital, computing and cyber skills are integral to a range of career paths, including social media content creation, sports technology and medical research. It does this through a gamified journey made up of quizzes and activities, the platform teaches students about the future of technology in the workplace and gives them skills to be safe and secure online.  

The learning content was developed by experts and supports the learning objectives and curriculum for Key Stage 3 in England, Wales and Northern Ireland and S2/S3 in Scotland. There are written guides to platform modules and additional resources for teachers to enable use in the classroom or in after-school clubs. It can also be accessed for independent learning by children who are home-schooled or for independent study at home. 

Since launch in February 2022, over 60,000 students have registered on the platform in over 2,500 schools. Additional regional activities have been trialled to drive up engagement with the platform, including a ‘Cyber Explorers Cup’ Competition in 2024.  

Initial evaluation findings showed educators found the platform engaging and appealing, highlighting the diverse range of characters and interactive nature of the content. Cyber Explorers has successfully reached a diverse audience of students with over 22,000 registered students from five of the most deprived areas in the UK. 

There are opportunities to scale the impact and reach of the Cyber Explorers platform and better link the platform and content with other CyberFirst activities, for example completion of content on the platform could win technology/educational prizes or access to other CyberFirst courses for schools. At the same time there are opportunities to increase the programme efficiency and reduce the costs through creating new innovative delivery methods.  

Cost in 23/24 Reach Impact Asset
£2.7 million Over 60,000 students registered; 2,500 schools involved Builds foundational cyber security knowledge and skills for young people; Supports educators to deliver the national curriculum and extend beyond it IP for all  Cyber Explorers content

3. Proposal

The CyberFirst programme aims to chart a clear path between the academic subjects students learn at school and the practical opportunities that exist in the workforce. Tech careers can be creative, exciting, well paid and draw on a wide range of both technical and non-technical skills but these opportunities are not always visible to young people in our education system. CyberFirst makes them visible - creating a more compelling case for students to study subjects like computer science. 

The programme has had a great deal of impact under the ownership of NCSC but its impact could be even bigger if it was led outside government, whilst maintaining NCSC and wider government links and oversight. There are previous examples of government funded programmes successfully developing alternative revenue streams alongside government funding, such as Grok Academy in Australia. Government ownership limits the ability to scale the programme, for a number of reasons. While the demand for CyberFirst from industry continues to grow, the capacity for government to grow funding and other resources for the programme is limited. Government has already committed £2.6 billion over three years to deliver the National Cyber Strategy, including over £30m for the CyberFirst programme. While the original ambition for CyberFirst was to generate a talent pipeline for government, the demand for this pipeline increasingly comes from the private sector. The 2023 Labour market survey showed that only 3% of cyber jobs advertised were for the public sector[footnote 4].  

Where a programme is fully government run, industry can provide in-kind support (such as providing venues and volunteers), but it is administratively and legally difficult to collect financial contributions that can be spent on programme delivery. While some CyberFirst delivery partners have been able to create financial relationships with industry, the industry supporters have only had the opportunity to work with CyberFirst in select geographical areas and have only been able to partner in limited parts of the CyberFirst programme. Other countries have expressed an interest in acquiring CyberFirst assets for use internationally. It has proven legally challenging to license assets within the current structures that these assets are held.  

In order to take the CyberFirst programme to the next phase of delivery and ensure sustained impact and scale across the UK, this call for views is testing the idea of establishing an alternative body to lead CyberFirst. This would allow industry and other partners to invest more heavily in the programme. Companies support the programme for reasons including: 

  • To identify future talent. Relationships with schools, colleges and universities, as well as the students themselves, allows industry partners to develop their recruitment pipeline. 
  • To contribute towards corporate social responsibility objectives. A company investing to support its own sector and to support the supply of talent in its own geographical area, makes sense. It also provides an opportunity to demonstrate social value when bidding for business. 
  • To build their brand. CyberFirst is seen as a premium brand and association with it has value. Cyber is a people business and businesses working with the CyberFirst programme are focused on developing the best people. 
  • To network and influence. CyberFirst provides opportunities for companies to meet with other businesses in the local tech ecosystem, as well as an opportunity to meet with influencers in the cyber sector, such as NCSC and government officials and ministers. 
  • To give their staff the opportunity to give back. Having the opportunity to visit schools and inspire the next generation makes the job worthwhile. CyberFirst provides an easy to access package to make this happen. 

Establishing a new organisation   

An independent CyberFirst body would be able to: 

  • Scale impact and build long-term sustainability by leveraging increased external funding and involvement to support activities in a way that cannot be facilitated through government ownership of the programme. We have seen promising examples of this in, for example, the North West CyberFirst partnership approach with industry. 
  • Commercialise parts of the CyberFirst package to generate further revenue and support the delivery of core activities. 
  • Adapt the CyberFirst offer to be more business, sector and/or regionally specific. 
  • Increase collaboration between government, industry and wider stakeholders on the future direction of CyberFirst. 

Government support for CyberFirst will continue and it is recognised that continuing government commitment and engagement is essential to maintaining brand recognition and support from industry and educators. There will need to be a mechanism in place to allow CyberFirst to continue to have a clear and visible badge showing that it is supported by HM Government and the NCSC.  

Currently, the CyberFirst programme is almost entirely funded by central government with some non-government funding streams developed by the regional ecosystem partners. Government financial support for the scheme will continue but as the scheme scales up across the UK, the overall balance of funding is expected to change such that government will no longer be the majority funder in future.   

This proposal does rely on CyberFirst developing other primary sources of funding to support its work. There are several sources of funding a new organisation could consider using to help ensure long-term sustainability: 

Industry donations. Industry has demonstrated willingness to support CyberFirst’s regional partners both financially and with alternative types of support (e.g. event space, resources, staff). This support has mainly been through corporate social responsibility or social value contributions.  

Philanthropic/Charitable Support. A new organisation with non-profit or charitable status would be able to accept more traditional charitable donations and support from fundraising. 

Government grants. A new organisation would be better able to compete for other forms of government support, such as levelling up funding or government grants, particularly at a regional level or in the devolved administrations.  

Branding/assurance. CyberFirst has started to award its brand to high quality initiatives that support the CyberFirst mission and signposting to them as part of the CyberFirst pipeline. This work could be expanded to help bring more clarity to users in the youth space and generate revenue.  

Commercialising CyberFirst assets. Aside from the talent pool it creates, CyberFirst has a range of assets, such as courses content that could be used to generate revenue both in the UK and overseas.  

Question:  

  • Do you agree or disagree with the proposal to establish a new organisation to deliver CyberFirst? 

  • Do you think industry donations are a viable way for CyberFirst to generate revenue? 

  • Do you think philanthropic/charitable support is a viable way for CyberFirst to generate revenue? 

  • Do you think government grants are a viable way for CyberFirst to generate revenue? 

  • Do you think branding/assurance is a viable way for CyberFirst to generate revenue? 

  • Do you think CyberFirst assets are a viable way for CyberFirst to generate revenue? 

  • Do you have other suggestions for commercialisation options? 

Organisational structure 

CyberFirst’s regional partners have had great success in expanding the reach of the programme on a bespoke basis. Any governance model of a new organisation could reflect this devolved approach. A central body could raise funds from government and industry, oversee the programme and deliver activities nationally. Regional partners could deliver on-the-ground activities tailored to the local region, build local networks and coordinate local fund-raising. This regional activity could be centred around regional hubs with shared responsibility between local government, industry, academia and education partners. This would help to secure long term sustainability and scale regional activities. 

Further development of the structure of a new alternative body and the relationship with regional partners will be developed based on responses from the call for views and further engagement with CyberFirst stakeholders. This will ensure the structure of a new organisation would support the delivery of regionally based activities and the offering remains consistent and of a high quality. 

Question:  

  • Do you agree or disagree that there should be a central body which raises and redistributes funds to regional partners? 
  • Do you have other suggestions for how a new organisation could be structured? Please provide details. 

Mission 

The purpose of the CyberFirst programme has always been clearly defined with the following objectives: 

  • Educate and inspire the next generation about the importance and possibilities of pursuing a cyber or tech career, 

  • Create a diverse pipeline of talent to supply the UK workforce, create a network of industry stakeholders to support the growth of cyber and tech sectors,  

  • Increase the number of students taking relevant STEM qualifications such as Computer Science GCSE and other relevant further/higher education opportunities.  

CyberFirst activities are free for the end-user and not profit driven, they are designed to identify, nurture and inspire a diverse range of talented young people into a cyber security career. There is a focus on reaching untapped talent from socio-economically disadvantaged backgrounds or those who are less likely to engage with cyber security without intervention (e.g. girls who are underrepresented in further and higher academic cohorts and the workforce). Any new organisation would need a ‘public good’ mission to maintain these core principles and ensure the CyberFirst programme remains focused on delivering high quality activities to as many young people as possible, without imposing a cost barrier on students, teachers and schools across the UK. Whilst a new organisation would have more capacity for commercial activities, any profit generated should be put back into the programme to support wider delivery of activities.  

Question:  

  • Do you agree or disagree that any new organisation should have a ‘public good’ mission and maintain these core objectives? 

Scope 

The CyberFirst programme was established by NCSC to support young people to begin a career in cyber security. Since then, the landscape within government has evolved, including the creation of the Department for Science, Innovation and Technology and the publication of the Science and Technology Framework in 2023. This has reinforced government commitment to ensuring the UK has a large, diverse base of technical talent to support technology and STEM sectors.  

The CyberFirst programme is well positioned to support these broader ambitions. An extracurricular programme with a pipeline of interventions focused on building key computing and cyber skills for young people aged 11-25, it is a proven and successful model with strong brand recognition and support from a wide range of stakeholders, including those in education and industry. 

The scope of CyberFirst could be adapted to support talent pipelines into wider tech sectors such as AI, quantum and data science, which heavily rely on students following a STEM and computing educational pathway. This would enable more industry partners to get involved and ensure there is a cohesive extracurricular offer to schools and educational institutions that want to encourage young people to consider a technology pathway.  

The content developed for CyberFirst activities, particularly those directed at younger age groups, cover broad foundational topics and skills such as coding, computational thinking and data analysis. This cross-cutting foundational knowledge would make it relatively easy to expand the programme to deliver talent to other tech sectors.  

A programme which inspires young people to go into technology more broadly may benefit from some sector specific initiatives to inspire and develop interest in certain sectors. Sector specific initiatives may be useful at a certain stage in the CyberFirst pipeline to ensure the development, for example, of cyber security specific skills and interest. Options for what a programme with broader scope would look like in practice would need further development. 

Questions:  

  • Do you agree or disagree that CyberFirst should be expanded beyond cyber security to support the development of talent into other tech sectors? 
  • Do you think there should be sector specific initiatives within the programme?  
  • If so, which age range should these target? 

Future role of government  

NCSC, with DSIT support, has run the CyberFirst programme. Its leadership has led to the successful growth of CyberFirst and ensured that the CyberFirst brand is seen as high quality and trustworthy by both industry and young people.   

NCSC and DSIT would remain closely involved with any new organisation to ensure this appeal remains, that the quality of the programme is upheld and that the programme does not drift from its core purpose. Continued government involvement and support would help maintain industry confidence in the programme and its longevity. Government could provide useful insight into current skills gaps. Its involvement with the programme would help inform government skills strategies. 

The devolved administrations in Scotland, Wales and Northern Ireland have an important role in championing CyberFirst activities in their nations, they would remain closely involved with supporting the delivery of CyberFirst in their context and ensuring it aligns with their policy aims. 

Question:  

  • Do you agree or disagree that NCSC should remain closely involved with CyberFirst?  
  • Do you agree or disagree that DSIT should remain closely involved with CyberFirst?  
  • Do you agree or disagree that the devolved administrations should remain closely involved with CyberFirst in their respective nation?  

4. Next steps

This public consultation provides the opportunity for DSIT to obtain views from all stakeholders with an interest in the CyberFirst programme or increasing the pipeline of talent into technology sectors. It will inform the next steps of government policy. We encourage anyone with an interest in this area to engage and respond. The consultation will be open from 15 May until 23:59 on Friday 9 August. The government will publish a response in due course. 

Appendix - full list of consultation questions

Summary of questions 

Please note the questions below are for reference only. All consultation responses should be submitted through the online survey

Organisational demographic questions on those responding to the call for views: 

  1. Are you responding as an individual or on behalf of an organisation? 
  • Individual 
  • Organisation 

2.[if selected “individual” to question 1] Which one of the following statements best describes you? 

  • Cyber Security professional 
  • Employer of cyber security professionals 
  • Professional in another sector 
  • Academic 
  • Educator 
  • Student 
  • Interested in a career in technology and/or cyber security 
  • Interested member of the general public 
  • Other [Free text] 

3.[if selected “organisation” to question 1] Which of the following statements best describes your organisation? 

  • CyberFirst Industry Partner  
  • Cyber Security Organisation 
  • An academic or educational institution  
  • Organisation with an interest in cyber security or other priority technologies. 
  • Non-cyber security specific professional body or trade organisation with an interest in cyber security (please specify your sector) [free text] 
  • Other [Free text] 

4.Are you happy to be contacted to discuss your response and supporting evidence? Yes / No 

5.If yes, please provide your email address. [Free Text] 

Establishing a New Organisation 

6.Do you agree or disagree with the proposal to establish a new organisation to deliver CyberFirst? Strongly agree/agree/neutral/disagree/strongly disagree 

7.Please give reasons for your answer. [Free text] 

8.Do you think industry donations are a viable way for CyberFirst to generate revenue to enable the scheme to scale up? Yes/No 

9.Do you think philanthropic/charitable support is a viable way for CyberFirst to generate revenue? Yes/No 

10.Do you think government grants are a viable way for CyberFirst to generate revenue? Yes/No 

11.Do you think branding/assurance is a viable way for CyberFirst to generate revenue? Yes/No 

12.Do you think CyberFirst assets are a viable way for CyberFirst to generate revenue? Yes/No 

13.Do you have other suggestions for commercialisation options? [Free text] 

Organisational Structure 

14.Do you agree or disagree that there should be a central body which raises and redistributes funds to regional partners? Strongly agree/agree/neutral/disagree/strongly disagree 

15.Please give reasons for your answer. [Free text] 

16.Do you have other suggestions for how a new organisation could be structured? Please provide details. [Free text] 

Mission

17.Do you agree or disagree that any new organisation should have a ‘public good’ mission and maintain these core objectives? Strongly agree/agree/neutral/disagree/strongly disagree 

Scope 

18.Do you agree or disagree that CyberFirst should be expanded beyond cyber security to support the development of talent into other tech sectors? Strongly agree/agree/neutral/disagree/strongly disagree 

19.Do you think there should be sector specific initiatives within the programme? Yes/No 

20.If so, what age range should these target?  

  • Under 10 years old 
  • 10-12 years old 
  • 13-15 years old 
  • 16-18 years old 
  • Over 18 years old 
  • Other [Free text] 

Future Role of Government 

21.Do you agree that NCSC should remain closely involved with CyberFirst?

Strongly agree/agree/neutral/disagree/strongly disagree 

22.Please give reasons for your answer. [Free text] 

23.Do you agree or disagree that DSIT should remain closely involved with CyberFirst?

Strongly agree/agree/neutral/disagree/strongly disagree 

24.Please give reasons for your answer. [Free text] 

25.Do you agree or disagree that the devolved administrations should remain closely involved with CyberFirst in their respective nation?

Strongly agree/agree/neutral/disagree/strongly disagree

  1. [https://in4group.co.uk/resource-hub/cyberfirst-2023-social-impact-report/](https://in4group.co.uk/resource-hub/cyberfirst-2023-social-impact-report/ 

  2. Cyber Security Skills in UK Labour Market 2023, DSIT 

  3. GCSE computing entries 2023, England, https://analytics.ofqual.gov.uk/apps/GCSE/Outcomes 

  4. Cyber Security Skills in UK Labour Market 2023, DSIT 

Back to top