UKC3

Newly-released figures have revealed the impact of the cyber attack on Jaguar Land Rover.

The incident, which hit Jaguar Land Rover’s computer systems in September, forced the company to halt car production for nearly six weeks. The shutdown had repercussions throughout supply chains and was blamed for a slowdown in the UK’s overall economic growth that month. 

During the three months to the end of September, the UK’s largest car manufacturer’s revenue fell 24% year-on-year to £4.9 billion. Meanwhile, the company posted a loss of £485 million – compared to a £398 million profit the previous year. 

The cyber incident alone cost Jaguar Land Rover £196 million, mostly in emergency IT support and recovery costs. 

The Government last month warned that hostile cyber activity in the UK is becoming more frequent and complex, making it vital for all businesses to take their digital defences seriously.

The situation highlights just how damaging cyber attacks can be for businesses of any size and UKC3 continues to urge business owners to take up training and networking opportunities available nationwide through UKC3 regional clusters. Local networks run events which help organisations build resilience and respond to ever more sophisticated cyber threats.

Dr Ismini Vasileiou, UKC3 co-chair and Cyber Skills lead, said: “Events like the JLR cyber attack demonstrate the real-world impact digital threats can have on business operations, finances, and even jobs across whole industries. 

“Building networks through UKC3 clusters around the regions and nations means learning more about what is available in terms of practical workshops, expert mentoring, and tailored support to help organisations strengthen their cyber governance and resilience. 

“Upskilling your workforce and connecting within our wider cyber community means your business isn’t facing these risks alone.”

A new Bill introduced to Parliament aims to better protect essential UK services against cyber attack.

UKC3 has welcomed the introduction of the Cyber Security and Resilience Bill, which aims to strengthen national security and protect growth by boosting cyber protection for services that people and businesses rely on every day. 

In the face of increasing cyber threats, the Bill aims to prevent disruption within healthcare, water, transport, and energy – keeping the taps running, the lights on and the UK’s transport services moving.  

Recent cyber attacks on managed service providers (MSPs) have highlighted the need for updated legislation. Last year, hackers accessed the Ministry of Defence’s payroll system via a managed service provider.

Meanwhile, other recent attacks – such as the Synnovis incident in the NHS – resulted in more than 11,000 disrupted medical appointments and procedures and some estimates suggesting costs of £32.7 million.

UKC3 Co-chair Simon Newman said: “This Bill is important for the UK’s cyber sector. 

“By focusing on the resilience of essential services, Parliament is recognising not just the importance of effective cyber defences, but also the urgent need to help businesses, councils and community organisations withstand and recover from attacks. 

“We support legislation that empowers the sector, and the country, to raise the bar for digital safety and continuity.”

This legislation builds on the momentum created by the recent publication of the Cyber Governance Code of Practice, which provides a clear framework for organisations to manage their digital risk. 

The UK Government recently published the Cyber Governance Code of Practice, giving organisations simple rules to manage digital risk. The new Bill means more services – including shops, hospitals, and councils – will need to improve their cyber security, raising standards for thousands of organisations in the long run.

It follows a recent letter from government ministers including the Technology Secretary, Chancellor and Business Secretary to business leaders and FTSE 350 firms, urging them to strengthen their cyber defences to face down the growing range of threats targeting the UK’s leading organisations.  

Science, Innovation, and Technology Secretary, Liz Kendall MP, said: “Cyber security is national security. This legislation will enable us to confront those who would disrupt our way of life. I’m sending them a clear message: the UK is no easy target.

“We all know the disruption daily cyber-attacks cause. Our new laws will make the UK more secure against those threats. It will mean fewer cancelled NHS appointments, less disruption to local services and businesses, and a faster national response when threats emerge.”

Momentum continues to build behind recommendations made in a recent cyber security skills White Paper. 

Cyber Workforce of the Future: Why the UK Needs a Skills Taxonomy Now was officially launched during a special event in Westminster this week. 

Led by Dr Ismini Vasileiou and attended by Dan Aldridge MP, Chair, APPG for Cyber Innovation, the event brought together government, industry, and academia for a round table discussion at Portcullis House. 

Groups including EMCSC, De Montfort University Leicester, DSIT, techUK, the UK Cyber Security Council, NCSC, and UKC3 discussed next steps on how to address barriers and challenges within the industry identified in the White Paper. 

Issues discussed by the group included workforce fragmentation, scarcity of entry-level roles, lack of engagement with larger employers and companies, capacity issues within SMEs and smaller firms and government-led implementation. 

Delegates acknowledged that while the UK Cyber Security Council currently leads the work on establishing a Professional Register for Cyber Practitioners, progress has been hampered by limited sector engagement and a lack of sustained government backing since the end of the Council’s initial funding. 

All around the table agreed that a credible, widely supported register remains essential to professionalising the workforce, recognising skills, and strengthening accountability across the sector.

Dr Vasileiou is Co-Chair at the UK Cyber Cluster Collaboration (UKC3), East Midlands Cyber Security Council founder, and Associate Professor and author of the White Paper. 

She said: “It was encouraging to have an open and honest conversation not just around the issues within the industry but also around barriers to addressing them. 

“Collaboration is key and so to lead the conversation around that and hear industry leaders from a range of sectors agree on a route forward feels like real progress. 

“Capitalising on the current relevance of cyber security and seizing opportunity were other things we all agreed on and with the backing of Dan Aldridge MP and the APPG I’m excited to see what we can achieve together.”

Dan Aldridge MP, Chair, APPG for Cyber Innovation, added: “We need to embark on a national mission when it comes to cyber security.

“Threat proliferation is a real issue and the general public do not always understand the threat proliferation that we have. 

“This paper, and discussions we have had today, feed into what needs to happen next to bolster cyber security for everyone. 

“There’s an opportunity over the next 12 months to raise the game, get other MPs involved and make cyber security part of the national conversation.”

The White Paper, published earlier this year, recommends that Government should:

1. Establish a DSIT-led taskforce to co-create a UK Cyber Skills Taxonomy
2. Establish a national delivery body to govern the taxonomy
3. Incentivise employer adoption of standardised, skills-based recruitment
4. Align education and career pathways to real-world cyber roles
5. Scale regional skills alignment through a National Implementation Framework.

The Good Business Charter (GBC) has been working with the Department for Science, Innovation and Technology (DSIT), and business accreditation bodies in order to make cyber security a formal part of best practice standards for its members.

It this week announced that it has added specific reference to cyber security within its accreditation framework. The new requirement sits within the accreditation’s eighth of 10 components of the framework, Commitment to Customers, and recognises the importance of protecting personal data of all stakeholders, including employees and suppliers.

The move comes soon after Ministers wrote to UK business leaders, encouraging them to take action to build their cyber resilience. As awareness of cyber risks grows and attacks become more sophisticated, it is essential business owners recognise that protecting stakeholders’ data is as essential as protecting their products, reputation, or finances.

UKC3 Director and Ecosystem Development Lead, Ben Shorrock, welcomed GBC’s decision, adding: “Improving cyber security skills is key for small businesses and the GBC making it a universal business standard marks another step forward.

“The benefit is clear: protecting data is no longer just a technical consideration – it’s central to building trust with customers, partners, and the wider supply chain. This is why the UKC3 network champions the sharing of best practice, through both seeding and nurturing new clusters, and acting as a national voice for established clusters’ excellence in cybersecurity.”

The updated GBC standard puts protection of personal data front and centre – not just for customers, but also for employees, suppliers, and anyone else connected to the member’s business.

The new requirement will be phased in over coming months. Current accredited organisations coming up for renewal within the next six months will have a grace period to update their practices in line with the new standards. However, new applicants seeking Good Business Charter accreditation must commit to these cyber security measures immediately.

Member businesses are also being encouraged to access the free resources that the government has to help businesses, including Cyber Essentials and the Cyber Governance Code of Practice. 

The CEO of the Good Business Charter, Jenny Herrera, said: “The specific reference to cyber security adds strength to the accreditation – it was always implied within components that set out an organisation’s commitment to their customers and to their other stakeholders, but in spelling out the need to develop a positive cyber security culture we ensure the Good Business Charter remains relevant and comprehensive.”

Cyber Security Minister, Liz Lloyd, said: “Every firm now runs on digital systems, from payroll and payment readers to logistics. That dependence brings everyday exposure to cyber threats, and when those systems are hit, business stops. 

“Making cyber security part of the Good Business Charter is a welcome move and demonstrates the importance of managing cyber risk – which is a key element of responsible business behaviour.”

The GBC was developed by entrepreneur, Julian Richer, in collaboration with the Confederation of British Industry (CBI) and the Trades Union Congress (TUC) and is the responsible business benchmark for more than 1,000 organisations of all sizes. The ten components of its framework cover care for employees, suppliers, customers and the planet, as well as paying a fair share of UK tax.

UKC3 has welcomed a move by UK Government Ministers to warn of increasingly “hostile and frequent” cyber threats in the UK.

As the national body connecting 18 cyber clusters, UKC3 provides an option for direct engagement with regional ecosystems across the UK.

Between them, clusters from Kent to Scotland work alongside thousands of businesses and organisations on building capability, sharing knowledge and contributing to cyber growth.

Government ministers this week teamed up with the National Cyber Security Centre and the National Crime Agency to write to the UK’s leading companies, urging them to take action on cyber security.

The letter warns that hostile cyber activity in the UK is growing more intense, frequent and sophisticated.

Dr Ismini Vasileiou, UKC3 co-chair and Cyber Skills lead, urged businesses to take advantage of funded training and upskilling opportunities happening around the country.

“The message from the Government is clear. Cyber threats are accelerating in both frequency and impact. The Ministers warn that a ‘direct and active threat’ is causing significant financial and social harm to UK businesses and citizens. 

“Programmes and events delivered by our clusters are designed to address this – helping businesses of all sizes reduce risk and increase resilience.”

Supported by its 18 clusters, UKC3 continues to facilitate collaboration between industry, academia and government, uniting efforts to secure UK digital growth by ensuring that skills, education and awareness keep pace with the evolving threat landscape.

The Government is working on various measures to counter the cyber threat – such as through its Cyber Local programme, which has recently awarded £150,000 of funding to run cyber security programmes for East Midlands SMEs.

The letter – signed by Secretary of State for Science, Innovation and Technology, Liz Kendall; Chancellor of the Exchequer, Rachel Reeves; Secretary of State for Business and Trade, Peter Kyle; and Minister for Security, Dan Jarvis, reads:

“The Government is taking significant action to counter the cyber threat and has developed tools to help businesses to defend themselves, but we cannot do this alone.

“We ask you and the CEOs and chairs of other leading UK companies to take the necessary steps to protect your business and our wider economy from cyber attacks.”

As part of the support UKC3 clusters offer, businesses can access practical workshops and expert mentoring as well as develop tailored cyber governance and resilience plans.

There is also the opportunity for workforce upskilling through structured training and the use of cyber security tools as well as joining a supportive digital network.

Government figures show that, in the past year, around 612,000 UK businesses and 61,000 charities reported experiencing cyber security breaches.

The NCSC published its annual review this week, along with the new Cyber Action Toolkit for small businesses, which is designed to help sole traders and small organisations put in place some of the basic cyber security measures that help guard against the most common cyber threats.

Liz Kendall, the Secretary of state for Science, Innovation and Technology, said: “We’ve seen firsthand the disruption caused by cyber attacks on major British companies, hitting their bottom line and putting jobs at risk.

“The Government stands ready to help, but cyber security is an issue that demands leadership both from chief executives and right across the boardroom. 

“It’s in that vein I am calling on them to take immediate action. We need companies to make sure they are better protected and better able to recover quickly if the worst happens. 

“We are providing clear advice and practical tools, but with threats growing in scale and sophistication, business leaders need to step up their defences now and treat this as a strategic priority.”

In September, UKC3 was invited by the High Commission of Canada to attend a breakfast meeting at Canada House, Trafalgar Square. The event brought together Canadian and UK businesses to explore new avenues of defence cooperation. The discussion, chaired by Andy Butt (MakeUK Defence), featured perspectives from David Holmes (UK Defence Business Centre), James Kempston (NP Aerospace), John Stocker (BAE Systems), and Siobhan Harty (Defence & Marine Procurement, Canada).

The dialogue underscored an important reality: as the global security environment grows more complex, the defence sector must adapt by moving beyond traditional procurement models toward deeper, more agile partnerships.

For Canada and the UK, this means strengthening industrial collaboration, with a particular emphasis on the role of innovative SMEs. These firms contribute agility, disruptive technologies, and fresh thinking that are vital to future capability.

Three strategic priorities emerged:

• Regulatory Alignment – Harmonising legal and industrial frameworks to reduce friction, streamline export processes, and enable joint investment in integrated supply chains.
• Innovation at Pace – Coordinating standards and accelerating investment in frontier technologies such as AI, autonomy, quantum, and cybersecurity to remain at the forefront of capability development.
• SME Enablement – Designing pathways for SMEs to access contracts and capital, while creating new risk-sharing and procurement structures that support their ability to scale.

By addressing these priorities, Canada and the UK can reinforce their shared defence capabilities, strengthen their industrial bases, and contribute to a more secure and resilient international order.

UKC3, alongside its regional clusters and members, was pleased to participate in the event and contribute to the dialogue. We are excited to see the collaborations that will develop between Canadian companies and UKC3 cluster members in the months ahead.

This collaboration is not simply about meeting today’s requirements, it is about shaping the future of defence through partnership and innovation.