UK gov asks university boffins to pinpoint cyber growth areas where it should splash cash
(2025/06/19)
- Reference: 1750334227
- News link: https://www.theregister.co.uk/2025/06/19/uk_gov_asks_university_boffins/
- Source link:
Cybersecurity experts have started a formal review into the UK cybersecurity market, at the government's request, to identify future growth opportunities as it looks to grow the industry that's core to the country's Industrial Strategy.
Announced on Wednesday, the [1]Cyber Security Growth Action Plan will deliver its findings later this summer, complete with recommended actions for the government to take to ensure the £13.2 billion ($17.7 billion) sector continues to grow.
The review is being led by Simon Shiu, visiting professor of cybersecurity at the University of Bristol and recently departed VP and director is cybersecurity research at HP Labs. He will be assisted by fellow colleagues from Bristol and experts at the Centre for Sectoral Economic Performance at Imperial College London.
[2]
The team will examine the UK's strengths and identify areas of opportunity that will later be used to plot the UK's roadmap for cyber growth.
[3]
[4]
Its findings will also feed into the upcoming, refreshed National Cyber Strategy, which will focus on amending the existing strategy in line with the latest cyber threats to ensure national [5]cyber resilience .
"The UK cyber sector is successful and growing, but so too are the challenges as demonstrated by recent events which have affected businesses and consumers," said Shiu.
[6]
"Based on input from all parts of the cyber sector, this project will make independent recommendations to accelerate growth in cyber, but also to increase cyber resilience in the other sectors critical to UK security, industry, and prosperity."
The UK government also said there'd be up to £16 million ($21.5 million) in new funding to support the commercial growth of cybersecurity businesses.
Up to £10 million ($13.4 million) will be made available over the next four years to the CyberASAP scheme, which aims to help academics turn their research into viable commercial products.
[7]
Then, up to a further £6 million ($8 million) will be made available over the same period to help scale small businesses and startups, and help them access additional markets.
Senior minister Pat McFadden said: "Today's investment will help to turn innovative ideas into successful businesses up and down the country, and the new research will support our mission to grow the economy.
"Recent cyberattacks show just how important it is we foster the development of the sector – delivering the double dividend of high-paying jobs as well as strengthening the country's cybersecurity."
The investments announced this week will represent just a small sum of the total package expected to be delivered to the cybersecurity sector by the time the UK's Industrial Strategy is launched at the end of the month.
In addition to cybersecurity, sectors such as clean energy, financial services, manufacturing, professional services, and more are expected to receive sizable investments in a bid for economic growth.
It's all part of the government's Plan For Change, a phrase you may have seen bandied about in official comms and political coverage. It is basically a list of lofty goals Labour set out when it took power last year, one of which was to achieve and sustain economic growth.
In theory, this will boost innovation and create new jobs for Brits, so says the government.
Cybersecurity minister Feryal Clark said: "Through our Plan for Change, we're backing the sector to create high-quality jobs through the Cyber Growth Action Plan and ensuring our public services are built on secure foundations with the expert support of the Government Cyber Advisory Board."
New faces, but maybe not the right ones
Speaking of which, alongside the Cyber Security Growth Action Plan and new investment announcements, the government's new-look Cyber Advisory Board was also unveiled this week.
First assembled in 2022 as part of the 2022-2030 National Cyber Strategy launched by then-PM Boris Johnson, the board's role is to advise the government to make better strategic choices.
It serves as a sounding board for ministers, with high-profile voices from industry, academia, and the third sector all providing technical expertise to shape policy decisions.
Senior security folk from the likes of Big Tech (Google, AWS, Microsoft, and DeepMind) are involved, so too are university professors, representatives from top banks, legal eagles, energy companies, and more.
Ian Thompson, not our beloved vulture but Google's senior government cyber advisor for MENA and GCAB member, said: "The Government Cyber Advisory Board plays a vital role in bringing together expertise from across government and a wide set of industry sectors.
"This cross-sector collaboration not only accelerates the sharing of best practices and experience but also ensures balanced perspectives and mutual learning – something I'm personally finding invaluable."
Heather Bedson, head of information security at BPP, added: "Being part of the GCAB is an opportunity to drive change and improve the government's cyber resilience by using expertise from a wide range of industries."
Not everyone was so delighted, though. Graeme Stewart, head of public sector at Check Point, said there is a distinct lack of representation on the board from organizations that perhaps should be able to feed into these decisions.
[8]Scottish council admits ransomware crooks stole school data
[9]FBI, Microsoft, international cops bust Lumma infostealer service
[10]M&S warns of £300M dent in profits from cyberattack
[11]Ransomware attack on food distributor spells more pain for UK supermarkets
He said: "What really surprised me was the makeup of the advisory board. There are plenty of big organizations represented, but no specialist cybersecurity firms are included. The absence of any dedicated cybersecurity specialists is a striking omission. It's also worth pointing out that while there is public sector representation on the board, it's almost entirely from academia. That does have value, and I absolutely recognise the importance of academic input, but it's not the same as having practitioners from the frontline of the public sector.
"There's no one from the NHS, local authorities, or central government departments. That's a concern because when organizations like the [12]NHS or [13]local councils are hit, [14]the impact is felt across society . We need voices from the operational side of the public sector in the room. Without that, you risk ending up with a report that's well-meaning but lacking the real-world insight needed to make meaningful progress." ®
Get our [15]Tech Resources
[1] https://www.theregister.com/2025/05/22/west_lothian_school_ransomware/
[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/publicsector&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2aFQ0FGxZhRsPvfm7FMg1qwAAA0I&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/publicsector&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aFQ0FGxZhRsPvfm7FMg1qwAAA0I&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/publicsector&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aFQ0FGxZhRsPvfm7FMg1qwAAA0I&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[5] https://www.theregister.com/2025/01/29/nao_blasts_uk_gov_cyber/
[6] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/publicsector&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aFQ0FGxZhRsPvfm7FMg1qwAAA0I&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[7] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/publicsector&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aFQ0FGxZhRsPvfm7FMg1qwAAA0I&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[8] https://www.theregister.com/2025/05/22/west_lothian_school_ransomware/
[9] https://www.theregister.com/2025/05/21/lumma_infostealer_service_busted/
[10] https://www.theregister.com/2025/05/21/ms_cyberattack_disruption/
[11] https://www.theregister.com/2025/05/20/ransomware_attack_on_food_distributor/
[12] https://www.theregister.com/2025/03/10/nhs_security_culture/
[13] https://www.theregister.com/2025/05/22/west_lothian_school_ransomware/
[14] https://www.theregister.com/2025/02/04/cyberattack_on_nhs_hospitals_sees/
[15] https://whitepapers.theregister.com/
Announced on Wednesday, the [1]Cyber Security Growth Action Plan will deliver its findings later this summer, complete with recommended actions for the government to take to ensure the £13.2 billion ($17.7 billion) sector continues to grow.
The review is being led by Simon Shiu, visiting professor of cybersecurity at the University of Bristol and recently departed VP and director is cybersecurity research at HP Labs. He will be assisted by fellow colleagues from Bristol and experts at the Centre for Sectoral Economic Performance at Imperial College London.
[2]
The team will examine the UK's strengths and identify areas of opportunity that will later be used to plot the UK's roadmap for cyber growth.
[3]
[4]
Its findings will also feed into the upcoming, refreshed National Cyber Strategy, which will focus on amending the existing strategy in line with the latest cyber threats to ensure national [5]cyber resilience .
"The UK cyber sector is successful and growing, but so too are the challenges as demonstrated by recent events which have affected businesses and consumers," said Shiu.
[6]
"Based on input from all parts of the cyber sector, this project will make independent recommendations to accelerate growth in cyber, but also to increase cyber resilience in the other sectors critical to UK security, industry, and prosperity."
The UK government also said there'd be up to £16 million ($21.5 million) in new funding to support the commercial growth of cybersecurity businesses.
Up to £10 million ($13.4 million) will be made available over the next four years to the CyberASAP scheme, which aims to help academics turn their research into viable commercial products.
[7]
Then, up to a further £6 million ($8 million) will be made available over the same period to help scale small businesses and startups, and help them access additional markets.
Senior minister Pat McFadden said: "Today's investment will help to turn innovative ideas into successful businesses up and down the country, and the new research will support our mission to grow the economy.
"Recent cyberattacks show just how important it is we foster the development of the sector – delivering the double dividend of high-paying jobs as well as strengthening the country's cybersecurity."
The investments announced this week will represent just a small sum of the total package expected to be delivered to the cybersecurity sector by the time the UK's Industrial Strategy is launched at the end of the month.
In addition to cybersecurity, sectors such as clean energy, financial services, manufacturing, professional services, and more are expected to receive sizable investments in a bid for economic growth.
It's all part of the government's Plan For Change, a phrase you may have seen bandied about in official comms and political coverage. It is basically a list of lofty goals Labour set out when it took power last year, one of which was to achieve and sustain economic growth.
In theory, this will boost innovation and create new jobs for Brits, so says the government.
Cybersecurity minister Feryal Clark said: "Through our Plan for Change, we're backing the sector to create high-quality jobs through the Cyber Growth Action Plan and ensuring our public services are built on secure foundations with the expert support of the Government Cyber Advisory Board."
New faces, but maybe not the right ones
Speaking of which, alongside the Cyber Security Growth Action Plan and new investment announcements, the government's new-look Cyber Advisory Board was also unveiled this week.
First assembled in 2022 as part of the 2022-2030 National Cyber Strategy launched by then-PM Boris Johnson, the board's role is to advise the government to make better strategic choices.
It serves as a sounding board for ministers, with high-profile voices from industry, academia, and the third sector all providing technical expertise to shape policy decisions.
Senior security folk from the likes of Big Tech (Google, AWS, Microsoft, and DeepMind) are involved, so too are university professors, representatives from top banks, legal eagles, energy companies, and more.
Ian Thompson, not our beloved vulture but Google's senior government cyber advisor for MENA and GCAB member, said: "The Government Cyber Advisory Board plays a vital role in bringing together expertise from across government and a wide set of industry sectors.
"This cross-sector collaboration not only accelerates the sharing of best practices and experience but also ensures balanced perspectives and mutual learning – something I'm personally finding invaluable."
Heather Bedson, head of information security at BPP, added: "Being part of the GCAB is an opportunity to drive change and improve the government's cyber resilience by using expertise from a wide range of industries."
Not everyone was so delighted, though. Graeme Stewart, head of public sector at Check Point, said there is a distinct lack of representation on the board from organizations that perhaps should be able to feed into these decisions.
[8]Scottish council admits ransomware crooks stole school data
[9]FBI, Microsoft, international cops bust Lumma infostealer service
[10]M&S warns of £300M dent in profits from cyberattack
[11]Ransomware attack on food distributor spells more pain for UK supermarkets
He said: "What really surprised me was the makeup of the advisory board. There are plenty of big organizations represented, but no specialist cybersecurity firms are included. The absence of any dedicated cybersecurity specialists is a striking omission. It's also worth pointing out that while there is public sector representation on the board, it's almost entirely from academia. That does have value, and I absolutely recognise the importance of academic input, but it's not the same as having practitioners from the frontline of the public sector.
"There's no one from the NHS, local authorities, or central government departments. That's a concern because when organizations like the [12]NHS or [13]local councils are hit, [14]the impact is felt across society . We need voices from the operational side of the public sector in the room. Without that, you risk ending up with a report that's well-meaning but lacking the real-world insight needed to make meaningful progress." ®
Get our [15]Tech Resources
[1] https://www.theregister.com/2025/05/22/west_lothian_school_ransomware/
[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/publicsector&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2aFQ0FGxZhRsPvfm7FMg1qwAAA0I&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/publicsector&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aFQ0FGxZhRsPvfm7FMg1qwAAA0I&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/publicsector&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aFQ0FGxZhRsPvfm7FMg1qwAAA0I&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[5] https://www.theregister.com/2025/01/29/nao_blasts_uk_gov_cyber/
[6] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/publicsector&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aFQ0FGxZhRsPvfm7FMg1qwAAA0I&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[7] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/publicsector&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aFQ0FGxZhRsPvfm7FMg1qwAAA0I&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[8] https://www.theregister.com/2025/05/22/west_lothian_school_ransomware/
[9] https://www.theregister.com/2025/05/21/lumma_infostealer_service_busted/
[10] https://www.theregister.com/2025/05/21/ms_cyberattack_disruption/
[11] https://www.theregister.com/2025/05/20/ransomware_attack_on_food_distributor/
[12] https://www.theregister.com/2025/03/10/nhs_security_culture/
[13] https://www.theregister.com/2025/05/22/west_lothian_school_ransomware/
[14] https://www.theregister.com/2025/02/04/cyberattack_on_nhs_hospitals_sees/
[15] https://whitepapers.theregister.com/
Re: Well-meaning but lacking the real-world insight
Tron
Well, large companies will use this to leverage their products in the real world.
Nothing good emerges from a government quango.
heyrick
There's a big difference between "tell us where we should be spaffing cash" (that isn't mates of ministers or the like) and "here's some cash, do interesting things".
Trough
elsergiovolador
Another cyber "growth strategy" that looks suspiciously like a consultancy wishlist stapled to a press release.
They’ll boast about “£6 million for small businesses” as if that means anything - but it’s just camouflage. A window dressing to create the illusion of a thriving startup scene, while IR35 and procurement bias ensure only VC-backed firms and corporate subsidiaries survive.
Worker-owned B2B providers - the very definition of small business - are functionally locked out - either DSIT don't know the laws or they are playing dumb.
Call it what it is: classism in a tech trench coat. New faces, same game.
Funding peanuts
VoiceOfTruth
£16 million over 4 years. Vin Tanner: That wouldn't even pay for my bullets. I wonder how much the review itself will cost.
I can give them a couple of recommendations. 1. Demand a software audit of all American equipment used on networks in the UK, with the same remit as that imposed on Huawei. 2. Cancel the use of Gmail and Microsoft for all state entities and universities, and bring it back in house, to reduce the mass scanning by the Hostile States of America.
Anonymous Coward
Cutting benefits, cutting winter fuel payments, cutting other social schemes, and then announcing vague pie in the sky "tech" schemes.
It was the AI thing recently, and now this.
Of course infrastructure and technical advances need investment to succeed, but this current trajectory seems very Singaporean to me.
Mind you, with the huge commitment to military spending increases, maybe it's more USA Republican.
Well-meaning but lacking the real-world insight
Sounds like something commissioned by the Department of Administrative Affairs. I hope they're going to call the result The Hacker Report .