Archives for 2026

UKC3 recently confirmed that its four‑year project to support a national network of cyber security clusters is drawing to a close – so here’s where you can head to next.

Central UK hub operations are due to end as planned in March 2026. 

As originally intended, the UK’s 18 cyber security clusters now have the structures, partnerships and networks to set and deliver their own priorities. They are also well placed to benefit from new opportunities created through increasingly devolved regions.

You can identify your regional cyber security cluster below and visit its website to find out more about cluster events, and sign up to its mailing list or membership.

• Bristol & Bath Cyber – hello@techSPARK.co
• Cyber East – info@cybereast.co.uk
• Cyber London – info@cyberlondon.com
• Cyber Wales – johnd@cyberwales.net
• CyberNorth – hello@cybernorth.biz
• CyNam – info@cynam.org
• East Midlands Cyber Security Cluster – hello@emcsc.uk
• Hampshire and Sussex Cyber Cluster – contact@handsc3.org
• Kent & Medway Cyber Cluster – contact@kmcc-uk.org
• Midlands Cyber – info@midlandscyber.com
• NI Cyber – joanne@nicyber.tech
• North West Cyber Security Cluster – contactus@nwcsc.org.uk
• OxCyber – hello@oxcyber.org
• ScotlandIS Cyber – info@scotlandis.com
• South West Cyber Security Cluster – info@southwestcsc.org
• Surrey Cyber Security Cluster – info@surreycyber.com
• Swindon & Wiltshire Cyber Cluster – hello@swcybercuster.co.uk
• Yorkshire Cyber Security Cluster – melissa@ycsc.org.uk

Set up in 2022 as a not‑for‑profit Community Interest Company (CIC), UKC3 was initially funded by the Department for Digital, Culture, Media & Sport (DCMS) and then by the Department for Science, Innovation and Technology (DSIT). 

Its aim was to help build regional cyber capacity in line with the National Cyber Strategy, by supporting a growing ecosystem of regional and national cyber clusters.

With that central coordinating role ending in March 2026, regional cyber clusters become more important than ever to develop skills, drive innovation, and support more secure economic growth in cluster areas. They remain the key outlet for:

• Local businesses looking for practical cyber support and collaboration
• Skills providers and universities wanting to connect into industry
• Public‑sector and third‑sector organisations seeking trusted partners and expertise.

A steering committee is now being set up to help maintain collaboration and share knowledge between the clusters in future. More details on this will be shared soon.

UKC3 has announced that its four-year project to establish a national network of cyber security clusters is drawing to a close.

The national body has informed the 18 region and nation clusters with which it works that central operations will end as planned in March 2026.

The not‑for‑profit Community Interest Company was funded by the Department for Digital, Culture, Media & Sport, and later the Department for Science, Innovation and Technology, to build regional cyber capacity in line with the National Cyber Strategy.

Over four years, UKC3 supported a 50% increase in the number of regional operations.

The UK cyber security landscape was fragmented when UK Cyber Cluster Collaboration (UKC3) launched in 2022. Twelve clusters were operating, but working largely in isolation and struggling to build the collaborative momentum needed to drive national-level growth.

Four years on, there are 18 clusters covering almost the whole of the UK. UKC3 has worked in partnership with them, helping to deliver more than 600 events and engaging more than 17,500 people nationwide. 

A national network of businesses, universities, public sector organisations and individuals has come together to develop skills, drive innovation, and support more secure economic growth in cluster areas.

UKC3 will cease operations at the end of March. It leaves a stronger, more visible, and better equipped national network than that of four years ago. Its founding mission has been accomplished.

Independent evaluation has summarised the network development that has taken place. Clusters have grown in number, while maturing in delivery. Governance structures have become clearer, partnerships have developed further, and regional leaders have emerged as convenors of cyber activity.

Importantly, collaboration between regions has increased. What started as isolated efforts in different parts of the country has evolved into a connected national cyber community. Established systems and structures will ensure that clusters continue to share best practice, reduce duplication, and learn from one another after the closure of UKC3.

This development was supported by UKC3. As a central point of engagement, it helped raise the visibility of regional cyber activity and broke down silos between industry, academia and the public sector. 

Simon Newman, UKC3 Chair, noted that the closure of UKC3 does not represent the end of collaboration across the cyber ecosystem.

“The relationships, trust and shared understanding built through UKC3 provide a strong foundation for continued cluster-to-cluster working, future initiatives and new forms of cooperation which add real value,” he said.

“Our Board and Officers are proud of the role that UKC3 has played in supporting this journey, but the real credit belongs to the clusters themselves – the leaders, managers, boards and community members who have delivered activity on the ground.

“Their work has helped create a stronger, more connected cyber ecosystem across the UK, and that impact will continue well beyond UKC3.”

The UK’s 18 cyber security clusters have the governance, partnerships, confidence and connections to drive their own agendas forward independently. They will also be able to tap into emerging opportunities from increasingly devolved authorities around the UK.

Cyber London has launched a new forum for organisations to prepare for the next big shift in cyber security – the rise of quantum technologies. 

The aim of the Quantum Security Think Tank is to shape quantum innovation that is safe, responsible and genuinely useful for people, businesses and the economy. It will grow into a ‘knowledge hub’ for insight on quantum security.

Quantum computers have the power to solve complex problems exponentially faster than classical computers. This could unlock huge new possibilities, but also threaten many of today’s security tools – especially encryption. Without planning, this could leave data, services and critical systems at risk.

The Think Tank brings together academics, businesses, government and non‑profits “to shape a responsible future for quantum technologies”. Its mission is to be “the global catalyst for quantum innovation” so that progress is secure, ethical and benefits society rather than creating new problems.

The purpose of the Think Tank

The Quantum Think Tank focuses on turning complex quantum issues into practical guidance that organisations can use. It works on frameworks to secure future quantum systems and reduce the risk of misuse. It also develops good practice for managing risk, meeting regulations and staying aligned with new laws around quantum technologies.

Professor Douglas Paul OBE, Advisory Board Member of the Cyber London Quantum Security Think Tank, said: “While quantum computers capable of breaking RSA encryption within hours are still more than a decade away, some nation states are already harvesting encrypted data today to decrypt in the future. 

“If your data will retain value for decades, organisations must consider whether post-quantum cryptography, quantum key distribution, or quantum communications are the right path forward. These are the questions we aim to help organisations understand so they can invest in the right approaches and solutions.”

Quantum-safe security framework

To give organisations a clear path forward, Cyber London has created a step‑by‑step framework to help them move towards quantum‑safe security. Named the Quantum Safe Readiness Logic Train, it brings together 20 essential elements across five clear phases. In doing so, it provides a practical roadmap for leaders, technical teams and policymakers who need to prepare their environments for a post quantum world.

The Logic Train starts by explaining why the quantum threat matters and what new risks are emerging. It then builds understanding of post‑quantum cryptography (PQC), key concepts and regulatory expectations, before moving into planning, testing and long‑term resilience.

Five clear phases

The Logic Train is designed to be easy to follow and useful for both small teams and large enterprises. It is built around five phases:

1. Awareness – recognising the urgency of the quantum threat.
2. Understanding – learning the basics of PQC and how it will affect existing systems.
3. Preparation – planning the transition, reviewing architecture, governance and skills.
4. Implementation – testing and rolling out quantum‑safe solutions in real projects.
5. Sustainability – keeping security up to date through monitoring, collaboration and ongoing improvement.

The framework “allows organisations to see where they are on their journey and understand the steps required to progress with confidence,” while keeping pace with international standards, industry needs and government policy.

Benefits for organisations

Together, the Quantum Think Tank and the Logic Train offer organisations a clear explanation of quantum risks and what they mean in practice. They also provide a structured plan to move towards quantum‑safe security, rather than reacting at the last minute. The two platforms also help to align with future regulations and standards, reducing cost and confusion later on.

There are plans to hold round advisory tables, webinars and workshops in the future to enable the think tank to showcase expertise and innovation, and contribute to debates on cyber security.

Cyber London Co-Director, Professor Muttukrishnan Rajarajan, said: “Cyber London is where innovation and collaboration come together to address societal cyber security challenges. We operate as a marketplace for cyber science, co creation, partnerships, growth, and internationalisation.

“By launching the Quantum Security Think Tank, Cyber London is giving leaders, technologists and policymakers a practical way to prepare for quantum – turning a complex future risk into a manageable, step‑by‑step journey.”

UKC3 has backed the “cultural shift” towards public sector cyber security and resilience set out in the Government’s new Cyber Action Plan.

The Action Plan, launched this week, defines how trust and resilience in public services will be secured as part of a wider Roadmap for a Modern Digital Government. The Action Plan responds to “critically high” cyber risk across government and the wider public sector, aiming to give people confidence in the digital services they use every day.

Backed by more than £210 million of central investment and led by the new Government Cyber Unit at the Department for Science, Innovation and Technology (DSIT), the Action Plan introduces a stronger, more centralised model for managing government-wide cyber risk. It recognises that hostile states, criminal groups, and major outages are already causing serious disruption in areas such as healthcare, local government, libraries and transport.

Why the Action Plan is needed

The Action Plan shows that “nearly a third (28%) of the government technology estate is estimated to be legacy technology, and therefore highly vulnerable to attack”. It also identifies that GovAssure assessments show “significant gaps in departments’ cyber security and resilience, including widespread low maturity in fundamental controls such as asset management, protective monitoring, and response planning.” 

To address this, the plan sets four strategic objectives:

• Better visibility of cyber security and resilience risk, so that the Government can understand government‑wide and departmental cyber risks.
• Addressing severe and complex risks through central levers where departments cannot manage risks alone.
• Improving responsiveness to fast moving events, so that the Government can respond more effectively to rapidly evolving cyber and digital incidents.
• Rapidly increasing government‑wide cyber resilience, by focusing on remediating the most significant vulnerabilities, including legacy technology. 

In order to deliver these objectives, the Action Plan is structured around five core delivery strands required to drive practical change at scale.

Cyber resilience as mission

A core theme of the Action Plan is the need to ‘Defend as One’, with government and public sector teams treating cyber and digital resilience as a shared mission rather than acting in isolation. The Government Cyber Unit will coordinate with departments, arms-length bodies, local services, and suppliers so that risks are clearly owned, understood and managed across the system.

The Action Plan also focuses on stronger accountability for senior leaders, better use of data in decision‑making, and a new Government Cyber Profession to attract and grow cyber talent. Central services such as threat detection, vulnerability monitoring and incident coordination will be scaled so organisations can access proven capabilities more easily.

How UKC3 support cyber resilience

UKC3’s role is to support and connect regional cyber security clusters, helping them to grow local ecosystems, develop skills, and share best practice nationally. The Cyber Action Plan’s emphasis on collaboration, skills and scalable services aligns directly with this mission.

Through its clusters, UKC3 and its regional network can:

• Help public sector organisations and suppliers understand the Action Plan, its implications, and where to find support and services.
• Connect departments, local authorities, NHS bodies, and other public sector organisations with regional cyber expertise, including SMEs and academia, to support development.
• Support development of skills pipelines aligned with the new Government Cyber Profession through training, events, mentoring, and regional initiatives.

‘A cultural and operational shift’

The plan envisages central bodies, including the Government Cyber Unit and National Cyber Security Centre (NCSC) working closely with departments, arms-length bodies, and wider public sector organisations, including through scaled support and ‘cyber uplift’ teams. 

UKC3 co-chair, Simon Newman, said: “UKC3 strongly supports the Government Cyber Action Plan and its ambition to secure public services that are trustworthy and resilient. 

“Our national network recognises this as a cultural and operational shift, not just a technical programme, requiring sustained effort across the whole system.

“Working with Government, NCSC, and wider partners, UKC3 will continue to use the strength of its clusters to turn the plan into practical local action – building skills, helping organisations access the right services, and ensuring regional innovation and expertise align with Government plans for the UK to Defend as One.”