CyberUK 2025, the UK government’s flagship cybersecurity event hosted by the National Cyber Security Centre (NCSC), took place from 6-8 of May, at Manchester Central. The conference brought together over 2,000 cybersecurity leaders and professionals from government, industry, and academia under the theme “Transforming Resilience. Countering Threats”. The event featured plenaries to open and close each day, technical masterclasses, and specialised streams that explored various aspects of cybersecurity from policy and governance to technical implementations and advancements in cyber security research.
Opening Plenary
The event began with powerful keynotes from Richard Horne and Pat McFadden, emphasising the critical importance of cybersecurity in today’s interconnected world. Against a backdrop of recent cyber attacks on major UK retailers, McFadden stressed that “cybersecurity is not a luxury – it’s an absolute necessity”. He highlighted the government’s commitment to improving national cyber defences through the forthcoming Cyber Security and Resilience Bill, which will grant new powers to direct regulated organisations to improve their cyber resilience and reinforce cyber defences.
McFadden also positioned the UK as a potential global leader in cybersecurity services, drawing a parallel to how Lloyds of London historically insured shipping worldwide. He emphasised three key lessons from recent incidents:
- The importance of coordinated response involving both government and private sector entities
- The necessity of strong public-private partnerships in managing cyber incidents
- The economic opportunity that cybersecurity presents for the UK economy
In his keynote, NCSC CEO Richard Horne revealed that the agency had managed more than 200 cyber incidents since September 2024, including twice as many “nationally significant incidents” compared to the same period the previous year. He characterised the cyber risks facing the UK as “widely underestimated” and called for a fresh perspective on cybersecurity as a contest between defenders and adversaries, providing a wholly transparent view of the NCSC’s efforts in protecting national interests.
Horne highlighted the need for organisations to focus on both what they can control in cyber defence and also being prepared for what they cannot control. He specifically highlighted threats from nation-states, with China described as the “pacing threat” in cybersecurity due to their strategic capability, legislation, and data ecosystem. Horne also noted the concerning connection between Russian cyber attacks and physical threats to the UK, describing ransomware as “probably the most pressing threat” organisations across the UK will face in at least the next year.
Technical Masterclasses
The conference featured several technical masterclasses that provided crucial insights into the evolving cyber threat landscape. One session, “Trends in Cyber Threats – Evolving Attacker Behaviours”, covered how attackers are exploiting edge devices with new techniques, developing novel exfiltration methods, and utilising stolen data in increasingly sophisticated ways. This session aligned with CrowdStrike’s recently released 2025 Global Threat Report, which discussed a surge in cyber threats such as ransomware, evolving adversarial tactics and attack paths, and record-breaking attack speeds.
Another masterclass, “Countering Cyber Threats for Resilient Global Supply Chains”, explored the threats that increasingly complex and global supply chains introduce to organisations. The session examined how these threats become less quantifiable as supply chains become more divergent and interconnected. Both research and real case studies were discussed, providing evidence-based methods for identifying vulnerabilities in supply chains and implementing more effective security measures.
A forward-looking session, “Research for Better Cyber Defence”, showcased research that could change the future of cyber defence, focusing on AI-led defence, capabilities of bots vs. humans in speech and text-based communications, and distinguishing characteristics of effective responses to security incidents. The session strongly emphasised the importance of stronger collaboration between academia and industry.
Thematic Streams
The conference also featured thematic streams that delved into various aspects of cybersecurity. One such stream, “Cyber Is Not a Technical Problem, It’s a Governance Issue”, examined how cybersecurity represents a principal business risk that requires effective board oversight and governance. The session explored the board’s responsibilities regarding cybersecurity, ways to improve collaboration between CISOs and their boards, and best practices for effectively governing cybersecurity risk.
Another stream, “Transforming Resilience: Rethinking the Cyber Security Ecosystem and Sociotechnical Approaches”, examined the cyber ecosystem as a complex community of people, organisations, and technology forced together in an increasingly connected environment. The panel combined systems thinking with lessons learned to tackle challenges and explore what a successful cyber ecosystem of tomorrow might look like.
Key Announcements and Initiatives
Several important announcements were made during the conference, which included:
- Cyber Security and Resilience Bill: The UK government is advancing legislation that will grant new powers to direct regulated organisations to reinforce their cyber defences and require over 1,000 private IT providers to meet certain cybersecurity standards.
- Passkey Implementation: The NCSC announced plans to switch from SMS-based verification to passkeys for accessing government services later in 2025.
- Code of Practice for Technology Providers: The NCSC launched a voluntary code of practice establishing baseline cybersecurity expectations for software vendors and their customers.
- Testing Centres: New facilities will allow technology vendors to test their products’ resilience against cyber attacks.
Conclusions and Recommendations
CyberUK 2025 highlighted several critical themes and priorities for organisations and cybersecurity professionals:
- Elevated Threat Landscape: The doubling of “nationally significant” cyber incidents demonstrates that threats continue to increase in both frequency and sophistication. Organisations must prioritise cybersecurity as an essential business function, not an optional add-on.
- Board-Level Responsibility: Cybersecurity is increasingly recognised as a governance issue requiring board-level attention and accountability. Boards must provide effective oversight and assurance that cyber risks are being managed effectively.
- Supply Chain Security: As supply chains become more complex and globalised, organisations need to implement more robust measures to secure the entire chain and mitigate cascading risks.
- Public-Private Partnerships: Effective cybersecurity requires strong collaboration between government, industry, and academia. These partnerships are essential for developing new defences, sharing intelligence, and responding to incidents.
- Research and Innovation: Investment in research, particularly in AI-led defence and human-machine teaming, will be crucial for staying ahead of evolving threats.
- Standards Development: Organisations should participate in the development and implementation of security standards for emerging technologies like AI, quantum computing, and 6G to ensure security is built in from the start.
CyberUK 2025 underscored that in 2025 and going into the future of a diverse and complex threat landscape, resilience is a collective responsibility requiring coordinated action across sectors and borders. As Richard Horne emphasised, organisations must adopt a dual approach: strengthening what they can control while preparing for what they cannot.
