Blog

Systems for training the UK’s future generations of cyber security professionals are no longer fit for purpose, industry experts have warned in a new White Paper.

Sector specialists say that a fragmented 20th Century training ecosystem risks leaving UK businesses exposed to 21st Century cyber threats.

The White Paper – published by East Midlands Cyber Security Cluster with the support of UKC3, De Montfort University, and the APPG for Cyber Innovation – add that Government intervention is urgently needed to build the inclusive and sustainable cyber workforce of the future. Such a new approach would provide consistent role definitions, skills standards, and career progression across sectors.

The UK’s digital economy is growing rapidly and is central to the Industrial Strategy 2030 – yet cyber security remains one of the UK’s greatest skills challenges of the age. High profile cyber attacks are escalating – often resulting in devastating consequences to businesses as they introduce digital systems at speed. Meanwhile, the UK’s fragmented cyber education and training system is leaving the country dangerously exposed.

As Government prepares its updated National Cyber Strategy, experts warn that joined-up thinking is urgently required to address the short-termism that has led to a national shortage of qualified cyber professionals and the absence of a unified skills framework.

An EMCSC-led Parliamentary Roundtable on the Cyber Workforce earlier this year brought together a select group of senior directors from organisations including UKC3, DSIT, UK Cyber Security Council, SASIG, CIISec, BCS, and a host of other industry leaders and leading academic figures to look at ways of creating a future-ready UK cyber workforce.

A subsequent White Paper – published today – takes learnings from the roundtable and sets out five steps for the Government to secure UK cyber security skills for decades to come. The White Paper recommends that Government should:

1. Establish a DSIT-led taskforce to co-create a UK Cyber Skills Taxonomy
2. Establish a national delivery body to govern the taxonomy
3. Incentivise employer adoption of standardised, skills-based recruitment
4. Align education and career pathways to real-world cyber roles
5. Scale regional skills alignment through a National Implementation Framework.

Dr Ismini Vasileiou, Co-Chair of UKC3, Director of East Midlands Cyber Security Cluster (EMCSC), and Associate Professor, De Montfort University, authored the paper and said:

“Recent arrests in relation to cyber-attacks on M&S and Co-op show the real and growing threat faced by UK citizens and businesses. What doesn’t make the headlines is the UK’s chronic shortage of cyber professionals.

“There’s currently a mismatch between Government industrial ambition and educational reality. We won’t secure a 21st Century digital economy with a 20th Century skills pipeline.

“This is emerging as a critical situation for SMEs, which are the backbone of the UK economy, but which are increasingly exposed as they race to meet modern digital expectations and standards.”

Dan Aldridge MP, Chair, APPG for Cyber Innovation, said:

“Building a resilient and digitally capable workforce is fundamental to our country’s economy, and future workforce.

“As members of Parliament, ensuring everyone has the opportunity to develop cyber skills matters to keep our constituents and local businesses safe. Without such a foundation, we risk perpetuating the very gaps we are striving to close, and undermining the government’s mission of sustainable digital transformation.

“This White Paper highlights widespread consensus on the need for a shared language and structure for cyber skills, and we urge our colleagues across Parliament to treat this white paper not as another strategy, but as a call to action, to help build a cyber workforce that is as dynamic and diverse as the challenges we face.”

Professor Mike Kagioglou, Deputy Vice-Chancellor Planning, Research and Innovation, De Montfort University Leicester, said:

“The recommendations in this White Paper reflect what we see every day in our work with businesses: namely, a growing demand for cyber skills and a fragmented system that is not keeping pace.

“At DMU, we’re already helping bridge the gap through applied research, industry partnerships and education that meets real-world needs.

“We fully support the call from Dr Vasileiou and the APPG for a national strategy to align skills, accreditation, and employer demand.

“DMU stands ready to assist and support a central, recognised, skills development and accreditation framework for cyber security.”

Read the White Paper in full here.

The UK’s Modern Industrial Strategy places significant emphasis on cyber security.

The 10-year plan – published this week –  features opportunities around cyber security as a critical component of the nation’s economic security, digital transformation, and technological sovereignty. 

Published soon after Chancellor Rachel Reeves used the 2025 Spending Review to outline the importance of AI capability and cyber resilience, the Industrial Strategy recognises cyber security as both a foundational requirement for business operations and a high-growth sector with substantial export potential.

The accompanying Digital and Technologies Sector Plan identifies cyber security as an area for investment, addressing challenges that prevent widespread technology adoption and establishing  supply routes into intelligence and defence. Cyber security is one of six “frontier technologies” listed as having the highest potential for growth.

Cyber security as an economic priority

The Industrial Strategy considers cyber security within the broader context of economic and national security, reflecting on security and economic ties that are “shifting in the face of rising geopolitical instability”. 

Government recognises that strengthening economic security requires strategic investments in critical supply chains, technologies, and energy security – as well as support for businesses in understanding and mitigating cyber risks.

Cyber security capabilities are also closely integrated with the UK’s defence industrial strategy. The Government’s commitment to increase defence spending to 2.6% of GDP, with ambitions to reach 3% in the next Parliament, will simultaneously support cyber security development.

It identifies £1.2bn further investment into skills per year, including support for adult learners through Local Skills Improvement Plans (LSIPs), and courses to support 16–19-year-olds.

Also referenced is the expansion of Cyber Essentials accreditation and bringing digital skills into classrooms and communities to address the needs of future careers. It includes plans to support more than 4,000 graduates, researchers and innovators aiming to work in AI, computer science and cyber security. The need is identified for specialist skills in cyber security.

The Strategy references cyber security clusters across the UK linking with lynchpin organisations such as the National Cyber Security Cluster to form a thriving ecosystem. Belfast is cited as one example of strength in cyber security, with Northern Ireland home to more than 100 cybersecurity businesses, supporting 2,750 jobs, and paying an average salary of £53,300.

Strategic digital integration

Cyber security itself sits within the Digital and Technologies sector, one of the eight high growth sectors identified in the Industrial Strategy.

It places cyber security alongside core growth industries including AI, advanced connectivity, quantum, and semiconductors. However, digital technology runs throughout the document, with the Industrial Strategy noting that the UK’s Digital and Technologies economy is responsible for “building our sovereign capability in the most strategically important areas”.

The Digital and Technologies Sector Plan sets out cyber security as being crucial for economic stability in a time in which the impact of cyber attacks has become more prominent.

The UK’s cyber security industry generates £13.2 billion in revenue across more than 2,000 firms, and the UK is recognised as one of the most committed countries to cyber security globally. The Plan picks out regional hubs in the South West, Greater Manchester and Lancashire, and Belfast as emerging centres of innovation. 

Meanwhile, cyber security exports continue to boost the UK economy, growing from £4.1 billion in 2020 to £7.2 billion in 2023. AI presents an opportunity to accelerate this.

Regional cyber security growth

Ben Shorrock, UKC3 Director and CEO of TechSpark, welcomed the Industrial Strategy’s recognition of cyber security as fundamental to strategic regional and UK economic growth.

“The Industrial Strategy supports what we’ve been building through UKC3 – a thriving cyber ecosystem, operating regionally and meeting distinct local needs, but with a central national point of access for partnerships and collaboration.

“The plan for investment in cyber skills, Cyber Essentials, and other digital technologies shows that the Government understands that cyber security is both a fundamental business requirement as well as an area of economic growth.

“With our established network of regional cyber security clusters, UKC3 is ready to work with the Government to bridge national policy with local implementation – ensuring that investment benefits businesses and emerging cyber professionals throughout the UK.”

More than 110 delegates attended a cyber security event staged to develop cyber trade and research partnerships between the UK and Canada.

The event brought UK-based cyber and managed services businesses together with the Canadian delegation to look at opportunities around technical and commercial Canada-UK partnerships.

UKC3 supported the event by bringing together organisations from its network spanning 18 regional cyber clusters across the UK. The High Commission of Canada hosted a reception and a panel discussion to introduce Canadian businesses to opportunities in the UK.

Organisations including CGI, the Department for Business and Trade, Cypfer and the Cyber Resilience Centre for London discussed the latest cyber security trends in the market. These included the cyber security landscape in the UK, current threats, threat actors, and types of business being impacted.

Recent cyber attacks on UK retailers highlighted the risk to business. Cyber security is often not the top priority for SMEs, but is gaining an increasing level of attention. The gathering learned that the UK has 2,165 cyber businesses, employing 60,000 people, while Canada has 550 cyber businesses employing 23,000. It makes the UK and its businesses an important cyber partner for Canada.

The event was hosted at Canada House – the diplomatic mission on Trafalgar Square in London – and brought 117 attendees together at a reception. More than 50 also attended a briefing panel earlier in the day.

Sanjay Purohit, UK Lead ICT, AI and Digital Industries Trade Commissioner, Government of Canada, said: “It was a pleasure to work in partnership with UKC3 to deliver the Canada-UK Cyber Security Insights Briefing as well as our reception at Canada House. 

“Companies such as Parabellyx, Purilock and Capzul – who joined this mission – found qualifying UK opportunities, meeting new MSSPs and learning more about the UK cyber security market to be valuable. 

“We look forward to our ongoing work, follow up and partnership with UKC3.”

Latham French, Senior Economic Officer at Ontario Trade & Investment Office – London, said: “Ontario was proud to lead this delegation of Canadian companies, including 12 Ontario businesses, in exploring the opportunities available in the UK market as they forge new partnerships. This mission highlights Ontario’s global talent in cybersecurity and AI, and our commitment to helping businesses grow through international collaboration.

With strong interest and promising outcomes from both sides, the mission underscored the value of continued Canada-UK cooperation in advancing cyber resilience and digital innovation. As a new partner, UKC3 were instrumental in levelling up opportunities for all participants to make new business connections, we look forward to future collaborations.“

The event was held in partnership between UKC3 and the High Commission of Canada, with guests using the opportunity to build networks and discuss strategic opportunities in areas ranging from hardware to artificial intelligence. They were joined by experts representing organisations ranging from hardware and software testing companies to Canadian regional economic development agencies.

Zain Javed, Cluster Director at North West Cyber Security Cluster and Co-Founder of Citation Cyber, was also among the guests, describing the event as a good opportunity to connect with like-minded professionals from both sides of the Atlantic.  

He added: “It was refreshing to hear first-hand from Canadian SMEs about the challenges and opportunities they’re tackling and to share perspectives on how we can collaborate more deeply across the UK and Canada.”

“Events like this help strengthen international links and foster innovation in our sector.”

Simon Newman, Co-Chair of UKC3 and Founder of Cyber London, said: “Events such as this demonstrate the power of the national cluster network in bringing together cyber specialists both nationally and internationally.

“It’s a format we are now looking to replicate with representatives from other nations.

“We are grateful to our partners at the High Commission of Canada for working with us to stage such a productive and enjoyable event.”

UKC3 helps to convene cyber security cluster engagement in national and international events. Find out more here or email info@ukc3.org

The 2025 Spending Review placed digital transformation at the heart of the Government’s long-term economic and national security strategy.

Chancellor Rachel Reeves covered AI capability, cyber resilience, as she set out funding for government departments over coming years. The funding covers day–to-day spending and capital investment on infrastructure projects.

The announcement was a significant moment for the UK’s cyber ecosystem, affirming its critical role and offering a new wave of opportunity for innovation, skills, and collaboration.

Ben Shorrock, UKC3 Director and Ecosystem Development Lead, and CEO at TechSPARK,  has been looking at the implications.

Cyber is central to Government transformation

The headline £3.25 billion Transformation Fund will drive modernisation across public services, with a clear focus on digital delivery, automation and security. 

Each Government department is now expected to deliver at least 5% efficiency savings, largely through digital transformation and enhanced cyber resilience.

This marks a fundamental shift – cyber security is no longer just a protective layer, it is now central to delivering a more efficient, agile state.

£600 million for Intelligence and Security

An additional £600 million has been allocated to the UK’s intelligence agencies. This includes £100 million specifically for cyber and national security institutions. 

The funding includes continued backing for the National Cyber Security Centre (NCSC) and the National Protective Security Authority (NPSA).

This investment underlines the importance of maintaining and expanding the UK’s defensive capabilities in an increasingly complex threat landscape.

This is a clear opportunity for innovation and public-private collaboration in threat detection, resilience and critical infrastructure protection.

Building a digitally-skilled Civil Service

The Government has committed to making 1 in 10 civil servants a “digital professional” by 2030. This means embedding AI, cyber and digital capability across departments. 

This is a big ambition – and one that will rely on strong connections with the cyber ecosystem.

UKC3 and our partners already play a critical role in cyber talent development through programmes like CyberFirst, which we help support across multiple regions. 

As CyberFirst transitions into the broader TechFirst programme, we’re committed to building on that success – ensuring that cyber remains a core pillar of future digital skills delivery, and that regional clusters remain central to its rollout.

Digitising HMRC

A dedicated £500 million investment will transform HMRC’s services, with a goal of making 90% of interactions digital self-serve by 2029-30. 

Security, trust and data integrity will be vital to this shift – making it an important area for cyber innovators specialising in digital identity, fraud prevention and secure access.

AI Investment

The Government’s £2 billion AI Action Plan includes a 20-fold increase in the UK’s compute capacity, support for scaling AI companies, and the launch of a new UK Sovereign AI Unit.

While AI isn’t a cyber investment per se, its rapid adoption brings with it significant security challenges and opportunities. 

From securing AI infrastructure to addressing model vulnerability and misuse, the cyber sector will play a vital role in ensuring AI can be deployed safely, responsibly and at scale.

Long-term growth through R&D

With R&D investment rising to £22.6 billion per year by 2029-30, the Spending Review reinforces the UK’s innovation-first approach to long-term growth. 

Cyber security R&D – including secure-by-design technologies, AI safety, privacy-enhancing tech and threat modelling – must be part of this investment landscape.

An opportunity for UKC3 and the cyber ecosystem

The Spending Review places cyber at the heart of national strategy. 

To make the most of this, we must:

• Ensure regional cyber clusters are recognised as essential partners in delivery of public sector digital transformation
• Embed cyber capability and innovation into the UK’s AI and digital economy ambitions
• Build new pathways into cyber careers, particularly by supporting the successful transition from CyberFirst to TechFirst
• Help SMEs access funding and procurement opportunities emerging from this wave of public sector investment
• Champion cyber resilience as an enabler of productivity and economic growth, not just a compliance exercise

UKC3 is committed to leading this national effort. 

Through collaboration, innovation and a strong regional network, we will ensure the UK’s cyber sector continues to thrive, support national resilience and shape the future of secure digital infrastructure.

• Learn more about the convening power of UKC3.

A room full of women chatting, plotting, laughing and discussing cyber security. That’s not something we see very often, but at the Women in Cyber Networking Breakfast at CyberUK it’s exactly what we got. On day two of the National Cyber Security Centre’s flagship conference, this year held in Manchester, around 180 women and allies got together to join the growing communities that are helping women to connect with others, find mentors and friends, and progress their careers.

The event first took place in the ICC Wales. As founder of the Women in Cyber Wales network, I took the plunge and asked a representative of the NCSC whether I could possibly run one of my networking events as a fringe event at CyberUK 2022. I can remember taking the call confirming that a breakfast slot had been allocated to me, all I needed to do was provide a bit of narrative and our logo for the online programme. I was absolutely delighted.

That first event had around 65 attendees, and has grown year on year, and it is now established as a core part of CyberUK. As the Women in Cyber Wales network has grown into ‘Women in Cyber Unlimited’ so has the event grown, indicating that there isn’t just a desire for communities like this, there is a definite need. Women still make up just 17% of the cyber security workforce, so it’s important to provide opportunities for us to meet and build our networks. Not only that, it demonstrates the breadth of skills and experience women have in this space, and amplifies the importance of having a diverse workforce.

The theme of CyberUK this year was ‘Transforming Resilience, Countering Threats”and we can do that by being a more inclusive industry. I think organisations are much more aware of the importance of diversity now, but that still isn’t reflected in the numbers, particularly at senior levels.

The event itself was uplifting, warm and full of talent. After a couple of short presentations from Clare T, NCSC, Kirsty Miller from our sponsors, Lockheed Martin and myself, the room erupted into a buzz of noise. I was also thrilled that we were joined by Richard Horne, CEO and Felicity Oswald of the NCSC, and Anne Keast-Butler, Director of GCHQ. A number of people came up to me afterwards saying they had come to the conference alone, and now felt less isolated, that they had made a new connection, or that they had hatched some business collaboration, and that’s what it’s all about. Bringing people together, celebrating their contribution to the sector, whatever that might be, growing friendships and ultimately building a more resilient nation. It was a wonderful way to start the day.

Can you share an overview of your career journey and how you came into the field of cyber security?

After 28 years in policing, working across everything from frontline response to community engagement and project work, I made a move into cyber security. I joined Police Scotland’s Cybercrime Harm Prevention Team with no prior technical experience but a real appetite to learn. I am so glad I made the leap as I found myself in the heart of a welcoming, knowledgeable and collaborative cyber community here in Scotland.

From there, I went on to join the Cyber Strategy Implementation Team, helping shape the very first cyber strategy for Police Scotland. My focus was on prevention—working with the Home Office to develop a strategy aimed at identifying and supporting young people at risk of becoming involved in cybercrime and instead guiding them towards education, training and employment opportunities.

After retiring, I was offered a role at ScotlandIS to lead a project working with Managed Service Providers. We created the UK’s first Best Practice Standards Charter for MSPs—a community-driven initiative focused on securing the supply chain and promoting cyber resilience. Off the back of that, I was offered the role of Head of Cyber at ScotlandIS.
What motivated you to be involved with ScotlandIS?

No two days are ever the same at ScotlandIS. With a small team of 10, we juggle everything from running national clusters (Cyber, Data, MSP) to supporting startups, building the digital skills pipeline and delivering major events like ScotSoft and the Digital Tech Awards. It’s busy, but I genuinely love what I do and the people I get to work with.

Can you provide an example of a significant project or initiative you’ve led that had a substantial impact on your region’s ecosystem?

I’m especially proud of the charter work and of launching Cyber Pathways—a pilot project connecting students with real-life cyber roles and helping them visualise a future in this space. It’s now being rolled out more widely, creating direct links between education and industry.

What skills or knowledge areas do you think are key to being such a fantastic ambassador for ScotlandIS?

If there’s one thing I’ve learned, it’s that building strong relationships is key—Scotland’s tech community is small, but formidable. Knowing our members, their capabilities and helping connect the dots is how we continue to grow a thriving, resilient sector.

What are some of the biggest challenges you’ve faced working in such a fast growing organisation?

The biggest challenge? Time. There’s so much happening, so many opportunities and never quite enough hours in the day. But with great support from partners like UKC3 and an incredible digital tech community, we keep moving forward.