Blog

The Good Business Charter (GBC) has been working with the Department for Science, Innovation and Technology (DSIT), and business accreditation bodies in order to make cyber security a formal part of best practice standards for its members.

It this week announced that it has added specific reference to cyber security within its accreditation framework. The new requirement sits within the accreditation’s eighth of 10 components of the framework, Commitment to Customers, and recognises the importance of protecting personal data of all stakeholders, including employees and suppliers.

The move comes soon after Ministers wrote to UK business leaders, encouraging them to take action to build their cyber resilience. As awareness of cyber risks grows and attacks become more sophisticated, it is essential business owners recognise that protecting stakeholders’ data is as essential as protecting their products, reputation, or finances.

UKC3 Director and Ecosystem Development Lead, Ben Shorrock, welcomed GBC’s decision, adding: “Improving cyber security skills is key for small businesses and the GBC making it a universal business standard marks another step forward.

“The benefit is clear: protecting data is no longer just a technical consideration – it’s central to building trust with customers, partners, and the wider supply chain. This is why the UKC3 network champions the sharing of best practice, through both seeding and nurturing new clusters, and acting as a national voice for established clusters’ excellence in cybersecurity.”

The updated GBC standard puts protection of personal data front and centre – not just for customers, but also for employees, suppliers, and anyone else connected to the member’s business.

The new requirement will be phased in over coming months. Current accredited organisations coming up for renewal within the next six months will have a grace period to update their practices in line with the new standards. However, new applicants seeking Good Business Charter accreditation must commit to these cyber security measures immediately.

Member businesses are also being encouraged to access the free resources that the government has to help businesses, including Cyber Essentials and the Cyber Governance Code of Practice. 

The CEO of the Good Business Charter, Jenny Herrera, said: “The specific reference to cyber security adds strength to the accreditation – it was always implied within components that set out an organisation’s commitment to their customers and to their other stakeholders, but in spelling out the need to develop a positive cyber security culture we ensure the Good Business Charter remains relevant and comprehensive.”

Cyber Security Minister, Liz Lloyd, said: “Every firm now runs on digital systems, from payroll and payment readers to logistics. That dependence brings everyday exposure to cyber threats, and when those systems are hit, business stops. 

“Making cyber security part of the Good Business Charter is a welcome move and demonstrates the importance of managing cyber risk – which is a key element of responsible business behaviour.”

The GBC was developed by entrepreneur, Julian Richer, in collaboration with the Confederation of British Industry (CBI) and the Trades Union Congress (TUC) and is the responsible business benchmark for more than 1,000 organisations of all sizes. The ten components of its framework cover care for employees, suppliers, customers and the planet, as well as paying a fair share of UK tax.

UKC3 has welcomed a move by UK Government Ministers to warn of increasingly “hostile and frequent” cyber threats in the UK.

As the national body connecting 18 cyber clusters, UKC3 provides an option for direct engagement with regional ecosystems across the UK.

Between them, clusters from Kent to Scotland work alongside thousands of businesses and organisations on building capability, sharing knowledge and contributing to cyber growth.

Government ministers this week teamed up with the National Cyber Security Centre and the National Crime Agency to write to the UK’s leading companies, urging them to take action on cyber security.

The letter warns that hostile cyber activity in the UK is growing more intense, frequent and sophisticated.

Dr Ismini Vasileiou, UKC3 co-chair and Cyber Skills lead, urged businesses to take advantage of funded training and upskilling opportunities happening around the country.

“The message from the Government is clear. Cyber threats are accelerating in both frequency and impact. The Ministers warn that a ‘direct and active threat’ is causing significant financial and social harm to UK businesses and citizens. 

“Programmes and events delivered by our clusters are designed to address this – helping businesses of all sizes reduce risk and increase resilience.”

Supported by its 18 clusters, UKC3 continues to facilitate collaboration between industry, academia and government, uniting efforts to secure UK digital growth by ensuring that skills, education and awareness keep pace with the evolving threat landscape.

The Government is working on various measures to counter the cyber threat – such as through its Cyber Local programme, which has recently awarded £150,000 of funding to run cyber security programmes for East Midlands SMEs.

The letter – signed by Secretary of State for Science, Innovation and Technology, Liz Kendall; Chancellor of the Exchequer, Rachel Reeves; Secretary of State for Business and Trade, Peter Kyle; and Minister for Security, Dan Jarvis, reads:

“The Government is taking significant action to counter the cyber threat and has developed tools to help businesses to defend themselves, but we cannot do this alone.

“We ask you and the CEOs and chairs of other leading UK companies to take the necessary steps to protect your business and our wider economy from cyber attacks.”

As part of the support UKC3 clusters offer, businesses can access practical workshops and expert mentoring as well as develop tailored cyber governance and resilience plans.

There is also the opportunity for workforce upskilling through structured training and the use of cyber security tools as well as joining a supportive digital network.

Government figures show that, in the past year, around 612,000 UK businesses and 61,000 charities reported experiencing cyber security breaches.

The NCSC published its annual review this week, along with the new Cyber Action Toolkit for small businesses, which is designed to help sole traders and small organisations put in place some of the basic cyber security measures that help guard against the most common cyber threats.

Liz Kendall, the Secretary of state for Science, Innovation and Technology, said: “We’ve seen firsthand the disruption caused by cyber attacks on major British companies, hitting their bottom line and putting jobs at risk.

“The Government stands ready to help, but cyber security is an issue that demands leadership both from chief executives and right across the boardroom. 

“It’s in that vein I am calling on them to take immediate action. We need companies to make sure they are better protected and better able to recover quickly if the worst happens. 

“We are providing clear advice and practical tools, but with threats growing in scale and sophistication, business leaders need to step up their defences now and treat this as a strategic priority.”

In September, UKC3 was invited by the High Commission of Canada to attend a breakfast meeting at Canada House, Trafalgar Square. The event brought together Canadian and UK businesses to explore new avenues of defence cooperation. The discussion, chaired by Andy Butt (MakeUK Defence), featured perspectives from David Holmes (UK Defence Business Centre), James Kempston (NP Aerospace), John Stocker (BAE Systems), and Siobhan Harty (Defence & Marine Procurement, Canada).

The dialogue underscored an important reality: as the global security environment grows more complex, the defence sector must adapt by moving beyond traditional procurement models toward deeper, more agile partnerships.

For Canada and the UK, this means strengthening industrial collaboration, with a particular emphasis on the role of innovative SMEs. These firms contribute agility, disruptive technologies, and fresh thinking that are vital to future capability.

Three strategic priorities emerged:

• Regulatory Alignment – Harmonising legal and industrial frameworks to reduce friction, streamline export processes, and enable joint investment in integrated supply chains.
• Innovation at Pace – Coordinating standards and accelerating investment in frontier technologies such as AI, autonomy, quantum, and cybersecurity to remain at the forefront of capability development.
• SME Enablement – Designing pathways for SMEs to access contracts and capital, while creating new risk-sharing and procurement structures that support their ability to scale.

By addressing these priorities, Canada and the UK can reinforce their shared defence capabilities, strengthen their industrial bases, and contribute to a more secure and resilient international order.

UKC3, alongside its regional clusters and members, was pleased to participate in the event and contribute to the dialogue. We are excited to see the collaborations that will develop between Canadian companies and UKC3 cluster members in the months ahead.

This collaboration is not simply about meeting today’s requirements, it is about shaping the future of defence through partnership and innovation. 

UKC3 has welcomed publication of the UK Government’s Cyber Growth Action Plan.

The national cluster network has also offered to assist in shaping Government objectives through its established network, spanning 18 areas around the UK.

The Government has made clear that cyber security presents an essential part of the UK’s future growth. Earlier this year, the Industrial Strategy identified cyber security as a frontier technology in its Digital and Technologies sector plan.

The Department for Science, Innovation & Technology (DSIT) has now published its Cyber Growth Action Plan, offering a vision for developing the sector. 

Both plans note that the UK cyber sector is growing – and has the scope to grow much more. However, both also warn that cyber threats are also in the ascendancy.

Therefore, DSIT’s Cyber Growth Action Plan identifies three strategic priorities for Government and industry to seize upon the cyber opportunity by: 

1. Pushing the cycle of resilience and growth by stimulating demand – and supporting businesses of all sizes in meeting that demand;
2. Making strategic choices about where to focus on technologies and sectors;
3. Simplifying and clarifying the roles of government in relation to cyber resilience and growth. 

Over recent years, UKC3 has demonstrated its convening power in building a unique network of 18 cyber security clusters.

Clusters are based around the UK, with UKC3 providing a single point of access to Government and industry groups requiring a distinct understanding of local markets and industry needs.

Since incorporation in 2021, UKC3 has become a UK lead in its space, operating between clusters, government, industry, academia, cyber security professionals, and investors to help attract, develop, and retain cybersecurity talent.

UKC3 has achieved this by:

• Sharing resources to seed and grow innovative cyber security ecosystems.
• Working with education, outreach, and apprenticeships to address skills shortages.
• Helping build networks to spread new ideas, technologies, and investment.
• Supporting cluster-based events, programmes, and funding bids.

Ben Shorrock, UKC3 Director and Ecosystem Development Lead, said: “Our 18 clusters have deep roots in their local cyber security ecosystems, with networks spanning industry, local authorities, academia, and the third sector.

“These 18 clusters are embedded in their communities, reflecting place-specific priorities and strengths, and making them ideally placed to support with the development of the Government’s planned Regional Cyber Growth Centres.”

At a strategic level, UKC3 has demonstrated its purpose as a central board by convening  clusters and stakeholder forums, as well as liaising directly with Government.

It has also supported clusters as they make their own case to Government: UKC3 recently backed a White Paper by the East Midlands Cyber Security Cluster warning of a looming skills crisis in the cyber security sector. It has been sponsored by the APPG on Cyber Innovation and will be officially launched in Westminster later this month.

Simon Newman, UKC3 Co-Chair, said: “UKC3 is experienced in facilitating impactful collaboration across the UK’s cyber sector, as well as sharing regional best practice, and driving development that is essential to closing the UK’s cyber skills gap.

“We’ve learned that place-based clusters are fundamental to instilling the key messages of cyber security in the UK and welcome DSIT’s plans to take the idea further.”

Systems for training the UK’s future generations of cyber security professionals are no longer fit for purpose, industry experts have warned in a new White Paper.

Sector specialists say that a fragmented 20th Century training ecosystem risks leaving UK businesses exposed to 21st Century cyber threats.

The White Paper – published by East Midlands Cyber Security Cluster with the support of UKC3, De Montfort University, and the APPG for Cyber Innovation – add that Government intervention is urgently needed to build the inclusive and sustainable cyber workforce of the future. Such a new approach would provide consistent role definitions, skills standards, and career progression across sectors.

The UK’s digital economy is growing rapidly and is central to the Industrial Strategy 2030 – yet cyber security remains one of the UK’s greatest skills challenges of the age. High profile cyber attacks are escalating – often resulting in devastating consequences to businesses as they introduce digital systems at speed. Meanwhile, the UK’s fragmented cyber education and training system is leaving the country dangerously exposed.

As Government prepares its updated National Cyber Strategy, experts warn that joined-up thinking is urgently required to address the short-termism that has led to a national shortage of qualified cyber professionals and the absence of a unified skills framework.

An EMCSC-led Parliamentary Roundtable on the Cyber Workforce earlier this year brought together a select group of senior directors from organisations including UKC3, DSIT, UK Cyber Security Council, SASIG, CIISec, BCS, and a host of other industry leaders and leading academic figures to look at ways of creating a future-ready UK cyber workforce.

A subsequent White Paper – published today – takes learnings from the roundtable and sets out five steps for the Government to secure UK cyber security skills for decades to come. The White Paper recommends that Government should:

1. Establish a DSIT-led taskforce to co-create a UK Cyber Skills Taxonomy
2. Establish a national delivery body to govern the taxonomy
3. Incentivise employer adoption of standardised, skills-based recruitment
4. Align education and career pathways to real-world cyber roles
5. Scale regional skills alignment through a National Implementation Framework.

Dr Ismini Vasileiou, Co-Chair of UKC3, Director of East Midlands Cyber Security Cluster (EMCSC), and Associate Professor, De Montfort University, authored the paper and said:

“Recent arrests in relation to cyber-attacks on M&S and Co-op show the real and growing threat faced by UK citizens and businesses. What doesn’t make the headlines is the UK’s chronic shortage of cyber professionals.

“There’s currently a mismatch between Government industrial ambition and educational reality. We won’t secure a 21st Century digital economy with a 20th Century skills pipeline.

“This is emerging as a critical situation for SMEs, which are the backbone of the UK economy, but which are increasingly exposed as they race to meet modern digital expectations and standards.”

Dan Aldridge MP, Chair, APPG for Cyber Innovation, said:

“Building a resilient and digitally capable workforce is fundamental to our country’s economy, and future workforce.

“As members of Parliament, ensuring everyone has the opportunity to develop cyber skills matters to keep our constituents and local businesses safe. Without such a foundation, we risk perpetuating the very gaps we are striving to close, and undermining the government’s mission of sustainable digital transformation.

“This White Paper highlights widespread consensus on the need for a shared language and structure for cyber skills, and we urge our colleagues across Parliament to treat this white paper not as another strategy, but as a call to action, to help build a cyber workforce that is as dynamic and diverse as the challenges we face.”

Professor Mike Kagioglou, Deputy Vice-Chancellor Planning, Research and Innovation, De Montfort University Leicester, said:

“The recommendations in this White Paper reflect what we see every day in our work with businesses: namely, a growing demand for cyber skills and a fragmented system that is not keeping pace.

“At DMU, we’re already helping bridge the gap through applied research, industry partnerships and education that meets real-world needs.

“We fully support the call from Dr Vasileiou and the APPG for a national strategy to align skills, accreditation, and employer demand.

“DMU stands ready to assist and support a central, recognised, skills development and accreditation framework for cyber security.”

Read the White Paper in full here.

The UK’s Modern Industrial Strategy places significant emphasis on cyber security.

The 10-year plan – published this week –  features opportunities around cyber security as a critical component of the nation’s economic security, digital transformation, and technological sovereignty. 

Published soon after Chancellor Rachel Reeves used the 2025 Spending Review to outline the importance of AI capability and cyber resilience, the Industrial Strategy recognises cyber security as both a foundational requirement for business operations and a high-growth sector with substantial export potential.

The accompanying Digital and Technologies Sector Plan identifies cyber security as an area for investment, addressing challenges that prevent widespread technology adoption and establishing  supply routes into intelligence and defence. Cyber security is one of six “frontier technologies” listed as having the highest potential for growth.

Cyber security as an economic priority

The Industrial Strategy considers cyber security within the broader context of economic and national security, reflecting on security and economic ties that are “shifting in the face of rising geopolitical instability”. 

Government recognises that strengthening economic security requires strategic investments in critical supply chains, technologies, and energy security – as well as support for businesses in understanding and mitigating cyber risks.

Cyber security capabilities are also closely integrated with the UK’s defence industrial strategy. The Government’s commitment to increase defence spending to 2.6% of GDP, with ambitions to reach 3% in the next Parliament, will simultaneously support cyber security development.

It identifies £1.2bn further investment into skills per year, including support for adult learners through Local Skills Improvement Plans (LSIPs), and courses to support 16–19-year-olds.

Also referenced is the expansion of Cyber Essentials accreditation and bringing digital skills into classrooms and communities to address the needs of future careers. It includes plans to support more than 4,000 graduates, researchers and innovators aiming to work in AI, computer science and cyber security. The need is identified for specialist skills in cyber security.

The Strategy references cyber security clusters across the UK linking with lynchpin organisations such as the National Cyber Security Cluster to form a thriving ecosystem. Belfast is cited as one example of strength in cyber security, with Northern Ireland home to more than 100 cybersecurity businesses, supporting 2,750 jobs, and paying an average salary of £53,300.

Strategic digital integration

Cyber security itself sits within the Digital and Technologies sector, one of the eight high growth sectors identified in the Industrial Strategy.

It places cyber security alongside core growth industries including AI, advanced connectivity, quantum, and semiconductors. However, digital technology runs throughout the document, with the Industrial Strategy noting that the UK’s Digital and Technologies economy is responsible for “building our sovereign capability in the most strategically important areas”.

The Digital and Technologies Sector Plan sets out cyber security as being crucial for economic stability in a time in which the impact of cyber attacks has become more prominent.

The UK’s cyber security industry generates £13.2 billion in revenue across more than 2,000 firms, and the UK is recognised as one of the most committed countries to cyber security globally. The Plan picks out regional hubs in the South West, Greater Manchester and Lancashire, and Belfast as emerging centres of innovation. 

Meanwhile, cyber security exports continue to boost the UK economy, growing from £4.1 billion in 2020 to £7.2 billion in 2023. AI presents an opportunity to accelerate this.

Regional cyber security growth

Ben Shorrock, UKC3 Director and CEO of TechSpark, welcomed the Industrial Strategy’s recognition of cyber security as fundamental to strategic regional and UK economic growth.

“The Industrial Strategy supports what we’ve been building through UKC3 – a thriving cyber ecosystem, operating regionally and meeting distinct local needs, but with a central national point of access for partnerships and collaboration.

“The plan for investment in cyber skills, Cyber Essentials, and other digital technologies shows that the Government understands that cyber security is both a fundamental business requirement as well as an area of economic growth.

“With our established network of regional cyber security clusters, UKC3 is ready to work with the Government to bridge national policy with local implementation – ensuring that investment benefits businesses and emerging cyber professionals throughout the UK.”