The UK government has closed 2025 with major developments in cyber security policy, skills and industry engagement, highlighted by the introduction of the Cyber Security and Resilience Bill and new evidence on the economic impact of cyber attacks
Together, these actions show an increased focus on resilience, regulation and global leadership in cybersecurity.
Landmark cybersecurity bill introduced
A major milestone came in November with the introduction of the Cyber Security and Resilience Bill to Parliament. The legislation is designed to strengthen protections for essential services such as health, transport, energy and digital infrastructure, building on the existing Network and Information Systems regulations.
The Bill expands the scope of regulation to include managed service providers, data centres, large load controllers and critical suppliers, requiring them to maintain robust cyber defences.
It also increases the powers of cyber regulators, improves incident reporting and enables the government to update cyber laws more rapidly in response to emerging threats. The second reading of the Bill is scheduled for early January.
Cyber attacks and the economic cost
New independent research published alongside the Bill showed the huge financial impact of cyber attacks across the UK economy. The average cost of a major cyber incident for a UK business is estimated at nearly £195,000.
The research also highlights substantial losses linked to intellectual property theft, fraud arising from data breaches and wider impacts on consumers and critical sectors such as rail. These findings reinforce the case for stronger cyber resilience across both public and private sectors.
UK cyber leadership
The UK’s cyber security approach is increasingly shaping international standards. During Singapore International Cyber Week, the UK’s Code of Practice on AI Cyber Security was adopted as the basis for a new global ETSI standard. UK product security laws are also gaining international recognition, while Australia has followed the UK’s lead by introducing a voluntary code of practice for app stores and developers.
Growing adoption of cyber essentials
The government’s Cyber Essentials scheme continues to expand at a record pace. Over 53,000 certificates were awarded in the past year, an 18% increase on the previous year. Organisations certified under the scheme are significantly less likely to make cyber insurance claims, demonstrating the effectiveness of baseline cyber hygiene.
Ministers have also written to large and small businesses, urging board-level ownership of cyber risk, greater use of National Cyber Security Centre services and wider adoption of Cyber Essentials in supply chains.
The cyber workforce continues to expand
Employment in cyber security roles reached 143,000 in 2025, a 5% year-on-year increase. While the workforce gap has been closing steadily since 2023, many businesses still report skills shortages, particularly in advanced technical areas. Gender imbalance remains a challenge, with women underrepresented, especially in senior roles.
Building skills and industry engagement
Government investment through the £187 million TechFirst programme is beginning to deliver results, supporting undergraduates, encouraging young people into cyber careers and expanding outreach initiatives such as the CyberFirst Girls Competition.
Industry engagement has also remained strong. The Cyber Growth Partnership met in December to discuss investment, procurement and education, while new surveys have been launched to map UK capabilities in software and AI security. These insights will help inform future policy and support the growth of the cyber sector.
