The keyboard is now a weapon of war, according to Defence Secretary John Healey. His warning earlier this year followed a series of high-profile cyber breaches across both the public and private sectors. The complexity and urgency of the threat the UK faces from both domestic and foreign actors requires a robust, coordinated national response.
To confront the rising risks, the Government has put forward a series of tough, proactive measures. These include a ban on public sector and critical national infrastructure operators paying ransoms, a new Cyber Governance Code of Practicefor organisations explaining how to protect their organisations from cyber attacks, and a new Cyber and Electromagnetic Command to boost the UK’s offensive and defence cyber capabilities. The long-awaited Cyber Security and Resilience Bill, first announced in the July 2024 King’s Speech, also promises new legal powers to improve incident reporting, resilience planning, and supply chain oversight. Digital sector insiders expect the Bill to return to Parliament next month.
These are significant and welcome steps. But as cyber threats become faster, more sophisticated and increasingly AI-enabled, the UK’s cyber strategy must not only respond to today’s risks but also anticipate what comes next.
Cyber Attacks: A Daily Reality
Cyber attacks are no longer isolated events; they are a daily occurrence. A Government survey in April found over 40% of businesses have experienced a cyber breach in the past year, rising to 70% for medium-sized and 74% for large businesses.
In May, the National Cyber Security Centre (NCSC) revealed it had responded to 200 “nationally significant” incidents since September 2024, double the number over the same period the year before. The Ministry of Defence (MoD) has faced 90,000 cyber attacks from “state-linked sources” over the past two years, a figure twice as high as in the previous two years.
In recent weeks, M&S, the Co-op, Harrods, the Legal Aid Agency, two major NHS trusts, and Microsoft have all been targeted by cyber attacks. These incidents are no longer rare or surprising, they are part of an environment where our digital infrastructure is under frequent assault.
Building Resilience: The Strategic Challenges Ahead
When the Cyber Security and Resilience Bill is introduced later this year along with an anticipated refreshed National Cyber Strategy, several challenges will demand attention.
Since its launch in 2016, the NCSC has brought focus and expertise to the UK’s cyber response. However, the broader cyber landscape is complex. Responsibilities are split across several organisations with sometimes overlapping functions and powers. The public agencies and government departments involved include the National Crime Agency, UK Cyber Security Council, Action Fraud, the Information Commissioner’s Office, Cabinet Office, the Department for Science, Innovation and Technology, Home Office and the Foreign, Commonwealth and Development Office. Streamlined governance, clearer accountability and stronger communication from the centre of government to departments will be crucial to ensuring swift, coordinated action.
At the same time, cyber skills remain in short supply. Despite efforts to double the Civil Service’s digital expertise, the Government Security Group’s (GSG) assessment in 2024 revealed that by 2030, there will be 751 cyber security vacancies. Cabinet Office Permanent Secretary Cat Little recently acknowledged at a hearing of the Public Accounts Committee that specialist recruitment is a persistent challenge, leaving capability gaps where resilience is most needed.
AI is already reshaping the cyber landscape. Cybercriminals use AI to automate attacks, generate phishing campaigns, and evade detection. As these tools evolve and accelerate, the Government needs to consider how policy, regulation and innovation can keep pace, or risk being left exposed to a new generation of cyber attacks from at home and abroad.
A Defining Moment for UK Cyber Security
With both the Cyber Security and Resilience Bill and the refreshed National Cyber Strategy expected this year, the coming months will be pivotal in shaping how the UK responds to rapidly evolving cyber threats.
The resilience of UK digital infrastructure and the safeguarding of our critical national services is paramount to protecting both economic stability and national security. As AI continues to accelerate the scale and sophistication of cyber attacks, the challenge is only becoming more acute.
The question is whether the Government will seize the moment to build a robust strategy to address the threats of today and tomorrow.
Arden’s Technology Sector Practice provides strategic support to engage with and successfully navigate the technology and cyber environment in the UK. To find out more contact [email protected]
