Counter Terror Business - Cybersecurity

£740,000 to highlight cyber careers in Wales

Polly Jones — Mon, 16 Mar 2026 11:51:42 +0000

More than £740,000 of Welsh Government Tech Valleys funding will be spent on inspiring thousands more children across Southeast Wales to explore cyber security careers.

The money will be used by the National Digital Exploitation Centre (NDEC) to expand its cyber security education outreach programme to 10,000 learners across the region.

NDEC delivers interactive activities on digital forensics, cybercrime and internet safety for primary school children.

The extra funding will introduce new training on AI and sustainability, and help address barriers like transport and equipment costs for schools in disadvantaged areas. It will also enable bilingual delivery of activities.

The programme is delivered by Thales and the University of South Wales and encourages young people to pursue education and careers in cyber security and computing.

The first phase of the programme reached 216 schools and 20,000 learners across Southeast Wales.

Cabinet Secretary for Economy, Rebecca Evans, said: "These vital skills will help keep children safe online whilst opening the doors to rewarding careers.

"Our investment will help inspire more students, foster early interest in digital careers, and support the development of a future cyber workforce - and I am really pleased that this programme can now be delivered bilingually."

Year 5 students from Ysgol Y Graig in Merthyr Tydfil are taking part in digital forensics activities, where they have been learning about cybercrime and online safety. They worked in groups to gather evidence from a staged crime scene, which they will analyse in a later session.

Ysgol y Graig Primary School teacher, Matthew Howells said: "The Digital forensics project is an absolutely amazing experience for the children. The range of activities they cover and the immersive experience of analysing the Jaguar, gives the children a wide range of future career opportunities and develops an increased passion for STEM. A wide range skills are developed across the 5 project sessions and the opportunity to work with STEM role models is an added benefit for the children."

NCSC advises UK organisations to take action amid ongoing Middle East conflict

Polly Jones — Tue, 03 Mar 2026 11:08:23 +0000

The National Cyber Security Centre is urging UK organisations to take action amid evolving events in the Middle East.

While highlighting that there is no current significant change in the direct cyber threat from Iran to the UK, organisations are advised to review their cyber security posture.

As the conflict is fast moving, this assessment is subject to change and NSCS says that there is almost certainly a heightened risk of indirect cyber threat for those organisations and entities who have a presence, or supply chains, in the Middle East.

As a result, organisations should prepare to respond to the risk of collateral impacts in the UK from Iran-linked hacktivists by reading previously issued advisories on DDoS attacks, phishing activity and ICS Targeting.

Those who may be higher risk, for example with those with offices or supply chains in the region, should adjust their cyber security posture accordingly, by following NCSC's actions to take when threat is heightened guidance.

Furthermore, CNI organisations may wish to pre-emptively review the NCSC's recently published guidance on actions to take now to prepare CNI organisations for severe cyber threat.

New cyber profession launched to strengthen cyber defences

Polly Jones — Fri, 27 Feb 2026 09:28:07 +0000

The government has launched a new cyber profession alongside a new vulnerability monitoring service (VMS) to reduce cyber risks and speed up fixes.

A dedicated government Cyber Profession will recruit and train cyber experts. The new government Cyber Profession is co-branded with the Department for Science, Innovation and Technology and the National Cyber Security Centre.

The profession will introduce a competitive total employee offer, establish a dedicated Cyber Resourcing Hub to streamline recruitment, and create a clear career framework aligned with UK Cyber Security Council professional standards.

It will also create a government Cyber Academy for training and development, a new apprenticeship scheme to build future talent, and structured career pathways to strengthen long-term capability across the public sector.

VMS, the specialist government monitoring service, was introduced as part of the Blueprint for modern digital government, published in January 2025. Since its introduction, security weaknesses in public sector websites are fixed 6 times faster – cutting the average time from nearly two months to just over a week.

The vulnerabilities are in the Domain Name System (DNS). These weaknesses can allow attackers to redirect users to fraudulent sites, steal sensitive data, or take services offline entirely.

Before the VMS was introduced, a weakness in a government DNS record could go unnoticed for nearly 2 months.

The VMS continuously scans 6,000 UK public sector bodies, detecting around 1,000 different types of cyber vulnerabilities. If a weakness is identified, the relevant organisation is alerted with specific, actionable guidance.

Minister for Digital Government Ian Murray said: "Cyber-attacks aren’t abstract threats — they delay NHS appointments, disrupt essential services, and put people’s most sensitive data at risk. When public services struggle it’s families, patients and frontline workers that feel it.

"The vulnerability monitoring service has transformed how quickly we can spot and fix weaknesses before they’re exploited so we can protect against that. We’ve cut cyber-attack fix times by 84% and reduced the backlog of critical issues by three quarters. And as the service expands to cover more types of cyber threats, fix times are falling there too.

"But technology alone isn’t enough. Today I’m launching a new government Cyber Profession to attract and develop the talented people we need to stay ahead of increasingly sophisticated threats - making government a destination of choice for cyber professionals who want to protect the services that matter most to people’s lives."

Dr Richard Horne, CEO of the NCSC, said: "Cyber security is more consequential than ever today with attacks in the headlines showing the profound impacts they can have on people’s everyday lives and livelihoods.

"As our public services continue to innovate, it is vital that they remain resilient to evolving threats and vulnerabilities are being effectively managed to reduce the chances of disruption.

"The government Cyber Action Plan is a crucial step in building stronger cyber defences across our public services and the launch of the government Cyber Profession today will help attract and retain the most talented professionals with the top-tier skills needed to keep the UK safe online."

Government urges businesses to protect themselves from cyber crime

Polly Jones — Wed, 18 Feb 2026 09:21:31 +0000

The government has launched a new campaign, urging businesses to "lock the door" to criminals online.

The campaign, which will run across social media, podcasts, radio and business networks, provides practical ways for organisations to protect themselves from common online threats.

Materials will encourage businesses to engage with with the government’s Cyber Essentials scheme which sets out clear practical steps they can take to protect themselves from the most common cyber attacks. This could include keeping software up to date and controlling who has access to accounts and data.

Figures show that significant cyber incidents cost an average of £195,000 and half of all small businesses have suffered a cyber breach or attack in the last 12 months.

Last year, 92 per cent fewer insurance claims were made by organisations with Cyber Essentials in place.

The certification can also help businesses win government contracts, and eligible firms can access free cyber insurance, including a 24/7 emergency helpline, provided by the Cyber Essentials delivery partner.

Cyber Security Minister Baroness Lloyd said: "No business is out of reach from cyber criminals. SMEs play a vital role in our economy, and business owners work incredibly hard to build something valuable, but too many still assume cyber criminals only go after big brands. The reality is criminals look for easy opportunities, and without basic protections in place, any business of any size can become a target.

"I know smaller firms don’t have large IT teams, and that is exactly why Cyber Essentials matters. It provides a straightforward checklist to lock the door on cyber criminals, without needing specialist expertise. Cyber risk is business risk, just like fire or theft, and the protections are just as essential. I urge businesses to take action and adopt Cyber Essentials now."

NCSC CEO Dr Richard Horne said: "Many small business owners assume their business is too small to be on cyber criminals’ radar, but in reality, we know most attackers don’t care about size, reputation or logos – they are looking for opportunity and weaknesses.

"Small businesses do not need to go to the ends of the earth to put baseline cyber security measures in place as the Cyber Essentials scheme can help them take practical steps today.

"I urge all businesses to implement the five key security controls to help protect themselves against the most common, damaging online threats."

NCSC warns of continuing pro-Russia hacktivist activity

Polly Jones — Wed, 21 Jan 2026 10:15:33 +0000

The National Cyber Security Centre (NCSC) has warned that pro-Russia hacktivists are continuing to target UK organisations.

Local government and critical infrastructure operators are being warned to harden the ‘denial of service’ (DoS) defences.

Russian-aligned hacktivist groups are attempting to disrupt operations, take websites offline and disable services.

The NCSC highlighted NoName057(16), which has been active since March 2022 and has been been conducting attacks against government and private sector entities in NATO member states and other European countries that are perceived as hostile to Russian geopolitical interests. Attacks included frequent DDoS attempts against UK local government.

Organisations are being advised to review their defences, and to improve resilience against attacks from Russian-aligned group. In particular, they are being asked to review DoS protections. This includes understanding the service, upstreaming defences, building to allow scaling and defining a response plan, as well as testing and monitoring the service.

Government launches new cyber action plan

Polly Jones — Tue, 06 Jan 2026 10:06:26 +0000

The government has launched a new cyber action plan to make public services more secure and resilient.

The Government Cyber Action Plan is backed by over £210 million and sets out how the government will rise to meet the growing range of online threats.

A new Government Cyber Unit will drive the plan and will rapidly improve cyber defences and digital resilience across government departments and the wider public sector.

The announcement supports government plans to digitise public services.

A new Software Security Ambassador Scheme will now help drive adoption of the Software Security Code of Practice - a voluntary project designed to reduce software supply chain attacks and disruption.

Digital Government Minister Ian Murray said: "Cyber-attacks can take vital public services offline in minutes – disrupting our digital services and our very way of life.

"This plan sets a new bar to bolster the defences of our public sector, putting cyber-criminals on warning that we are going further and faster to protect the UK’s businesses and public services alike.

"This is how we keep people safe, services running, and build a government the public can trust in the digital age."

New laws to boost cyber defences for public services

Polly Jones — Wed, 12 Nov 2025 10:52:01 +0000

The government has proposed new laws to better protect public services from cyber attacks.

The Cyber Security and Resilience Bill aims to strengthen national security and protects growth by boosting cyber protections.

These proposed laws would cover certain digital and essential services including healthcare, transport, energy and water.

Under the proposed changes, medium and large companies providing services like IT management, IT help desk support and cyber security to private and public sector organisations like the NHS, will be regulated for the first time. They will also need to meet clear security duties, including reporting significant or potentially significant cyber incidents promptly to government and their customers as well as having robust plans in place to deal with the consequences.

Regulators will be given new powers to designate critical suppliers to the UK’s essential services such as those providing healthcare diagnostics to the NHS or chemicals to a water firm, where they meet the criteria. This would mean suppliers would have to meet minimum security requirements.

Changes will come to enforcement, including tougher turnover-based penalties for serious breaches so cutting corners is no longer cheaper than doing the right thing.

The technology secretary will get new powers to instruct regulators and the organisations they oversee, like NHS trusts and Thames Water, to take specific, proportionate steps to prevent cyber attacks where there is a threat to UK national security.

The Office for Budget Responsibility (OBR) estimates that a cyber-attack on critical national infrastructure could temporarily increase borrowing by over £30 billion.

Research also shows that the average cost of a significant cyber-attack in the UK is now over £190,000. This is equal to around £14.7 billion a year across the economy.

Science, innovation, and technology secretary Liz Kendall said: "Cyber security is national security. This legislation will enable us to confront those who would disrupt our way of life. I’m sending them a clear message: the UK is no easy target.

"We all know the disruption daily cyber-attacks cause. Our new laws will make the UK more secure against those threats. It will mean fewer cancelled NHS appointments, less disruption to local services and businesses, and a faster national response when threats emerge."

National Cyber Security Centre CEO Dr Richard Horne said: "The real-world impacts of cyber attacks have never been more evident than in recent months, and at the NCSC we continue to work round the clock to empower organisations in the face of rising threats.

"As a nation, we must act at pace to improve our digital defences and resilience, and the Cyber Security and Resilience Bill represents a crucial step in better protecting our most critical services.

"Cyber security is a shared responsibility and a foundation for prosperity, and so we urge all organisations – no matter how big or small – to follow the advice and guidance available at ncsc.gov.uk and act with the urgency that the risk requires."

Two arrests following nursery cyberattack

Polly Jones — Wed, 08 Oct 2025 08:49:42 +0000

Two people have been arrested by Metropolitan Police after a cyberattack on a chain of London-based nurseries.

Specialist officers from the Met conducted a proactive operation at a number of residential properties in Bishop’s Stortford, Hertfordshire.

Two 17-year-old boys were arrested on suspicion of computer misuse as well as blackmail.

Will Lyne, Met’s Head of Economic and Cybercrime, said: “Since these attacks took place, specialist Met investigators have been working at pace to identify those responsible.

“We understand reports of this nature can cause considerable concern, especially to those parents and carers who may be worried about the impact of such an incident on them and their families.

"We want to reassure the community and anyone affected that this matter continues to be taken extremely seriously.

“These arrests are a significant step forward in our investigation, but our work continues, alongside our partners, to ensure those responsible are brought to justice.”

Schools show improved cyber security training rates

Polly Jones — Wed, 01 Oct 2025 10:40:57 +0000

New data from Ofqual shows that schools and colleges across England are making progress in cyber security training, but are struggling to recover quickly from attacks when they occur.

The proportion of teachers who received cyber security training has risen by 11 percentage points from 61% during the academic year 2023 to 2024, to 72% in 2024 to 2025. Despite this, the time taken for schools to recover from cyber incidents has worsened - 55% of schools which experienced a cyber incident were able to recover immediately, compared to 63% the previous year.

Amanda Swann, Ofqual’s Executive Director of General Qualifications, said: "Cyber attacks can have a devastating impact on students’ academic work.

"Schools and colleges experiencing cyber security incidents reported losing entire classes’ coursework and facing weeks of disruption to teaching and learning."

The poll also found that 29% of schools experienced a cyber security incident in the past academic year, down slightly from 34% previously. Despite this modest reduction in prevalence among those surveyed, the severity of the impact was greater with 10% of schools reporting critical damage from attacks, up from 6% the year before.

As part of Cybersecurity Awareness Month this October, the regulator is urging schools to ensure they are protected from malicious software and backups are in place to restore students’ coursework and other vital systems in the event of an attack.

Government loan for Jaguar Land Rover after cyber attack

Polly Jones — Tue, 30 Sep 2025 09:55:01 +0000

The government has agreed to support Jaguar Land Rover (JLR) with a guarantee expected to �鶹�� up to £1.5 billion, following the recent cyber attack.

The loan from a commercial bank, backed by the Export Development Guarantee (EDG) provided by export credit agency UK Export Finance, will be paid back over five years.

It will bolster JLR’s cash reserves so it can support its supply chain which has been greatly impacted by the shutdown.

Business and Trade Secretary Peter Kyle said: "This cyber-attack was not only an assault on an iconic British brand, but on our world-leading automotive sector and the men and women whose livelihoods depend on it.

"Following our decisive action, this loan guarantee will help support the supply chain and protect skilled jobs in the West Midlands, Merseyside and throughout the UK.

"We’re backing our automotive sector for the long term through our modern Industrial Strategy and the landmark trade deals we’ve signed to boost exports, as part of our Plan for Change."

Chancellor of the Exchequer Rachel Reeves said: "Jaguar Land Rover is an iconic British company which employs tens of thousands of people - a jewel in the crown of our economy.

"Today we are protecting thousands of those jobs with up to £1.5 billion in additional private finance, helping them support their supply chain and protect a vital part of the British car industry."