UK cyber strategy is struggling to achieve its resilience objectives – the next iteration of the National Cyber Strategy needs to set out a compelling vision for change.

The UK’s cyber strategy has lost momentum. While in many ways the UK continues to invest in and operate as a ‘cyber power’, successive governments’ approach to national cyber resilience has struggled to keep pace with technological and political shifts and the threat posed by state and criminal actors. Many officials in the UK system recognise the nature of the challenges the country faces and the need for change. However, they have found it difficult to translate their own understanding of the problem into the kind of actions that could raise the bar for cyber security and resilience at sufficient scale.

The result is that the UK’s approach continues to largely rely on market forces to fix systemic technological and cyber security challenges. This is no longer sustainable when ransomware gangs repeatedly hold our essential services and flagship businesses to ransom.

The announcement at May’s CyberUK conference by Pat McFadden, Chancellor of the Duchy of Lancaster, that the government intends to publish a new iteration of the National Cyber Strategy before the end of 2025 is therefore welcome. However, government messaging suggests the new version will only be a ‘refresh’ of the existing 2022 strategy. This does not meet the scale of the challenge and is a wasted opportunity for Labour to cohere national cyber strategy with its missions for government. A new National Cyber Strategy should instead set out a positive, compelling vision to protect consumers, secure the technologies of future growth and fix the persistent market failures that damage national resilience.

