The UK government has announced a £16 million Cyber Growth Action Plan, designed to strengthen the country’s cyber security sector through investment in research, skills, and start-up support. It ties directly into wider ambitions under the Plan for Change and the forthcoming Cyber Security & Resilience Bill – all aimed at ensuring the UK remains a leading global player in cyber security and resilience.
This plan marks a clear intention to support cyber as a high-growth, strategically important sector. We now need to see joined-up thinking across skills, policy, funding and regulation, and a long-term commitment to developing sovereign cyber capabilities.
We see the opportunities including:
- Turning existing world-class research into commercial advantage
- Increasing international opportunities for UK-based cyber security companies
- Equipping the UK workforce with the knowledge and competency to meet the challenges of a digital economy
- Ensuring national security is underpinned by world-leading cyber resilience.
We’ve had a chance to delve a little further into the opportunities – and challenges – outlined in this plan. Read on to find out more.
Key Opportunities
1. Backing academic innovation
- £10 million is being invested into CyberASAP, supporting university researchers to turn cutting-edge ideas into commercial ventures. The programme has already helped launch over 30 start-ups, attracting £43 million in private investment.
By 2030, the aim is to create 25 more spinouts and generate an additional £30 million in private funding.
2. Scaling cyber SMEs
- An additional £6 million will go to the Cyber Runway programme, which supports early-stage companies and helps them grow domestically and internationally.
This will give UK innovators access to trade missions, accelerators, and expert mentoring, equipping them to expand globally and contribute to a thriving export market.
3. Improving policy through research
- A detailed review of the cyber sector, led by the University of Bristol and Imperial College London, will inform updates to the National Cyber Strategy later this year.
The review aims to ensure future decisions are driven by evidence and grounded in the sector’s real needs.
4. Strengthening national cyber defences
- The Government Cyber Advisory Board is being expanded to bring in experts from organisations such as AWS, Microsoft, Google DeepMind, Santander and BAE Systems.
This aims to build stronger collaboration between industry and government, particularly around protecting public services and critical national infrastructure.
Key Challenges
1. Addressing the cyber skills gap
- The UK’s cyber sector now employs around 67,000 people, with 12% growth year-on-year. Yet nearly half of firms still report difficulties recruiting skilled staff.
Government initiatives such as Cyber Explorers, Cyber First, and new regional skills hubs are essential, but sustained effort will be needed to build a truly inclusive and future-ready workforce.
2. Competing at global scale
- While the £16 million investment is a positive signal, some in the industry question whether it’s enough to keep pace with countries like the US and Israel, where cyber investment is on a different scale.
The UK’s strength lies in coordination, academic excellence, and regulatory leadership; but global competitiveness will require sustained funding and strategic vision.
3. Balancing regulation and innovation
- The forthcoming Cyber Security & Resilience Bill is expected to set new legal responsibilities for firms managing digital infrastructure.
While it’s vital to improve resilience, care must be taken not to place disproportionate burdens on SMEs or inhibit innovation.
Strategic Priorities Going Forward
| Focus Area | Action |
| Public–private collaboration | Leverage the Advisory Board to align industry insight with government priorities. |
| Widening the skills pipeline | Build on regional and national schemes to attract diverse talent and support lifelong learning. |
| Proportionate regulation | Ensure upcoming legislation supports resilience without stifling growth. |
| Backing advanced technologies | Target investment in areas like AI security, post-quantum encryption, and trusted hardware innovation. |
