Article at a glance 

Centre for Sectoral Economic Performance (CSEP) and the University of Bristol consolidated their recent project's findings into the UK Cyber Growth Action Plan. 

Here is why the report matters now: 

• Cyber resilience is not just about security, it’s about economic growth 

• The study shows where firms should invest to steady domestic supply and build a more competitive sector 

• Boards play a critical role in embedding cyber into governance, reporting and culture 

• Place-based, industry-led leadership is key to scaling the UK’s cyber strengths 

As UK organisations become increasingly dependent on digital infrastructure, there is a growing focus on cyber resilience as being critical to economic growth. In turn, there is also an imperative to harness economic growth to fuel cyber innovation. The UK Cyber Growth Action Plan, based on input from the country’s cyber sector as a whole, makes recommendations for how to build on both of these areas. 

Early collaboration between policymakers, academics and industry has the potential to generate growth. For business leaders, cyber resilience is no longer a technical issue delegated to IT teams. It affects operational continuity, supply chains, regulatory exposure and long-term growth. 

What the report means for people leading the industry and governments  

For businesses, this means clearer expectations and smarter procurement, which not only reduces uncertainty but also makes it easier for cybersecurity providers to scale. 

Culture is also important: boards can help by taking cyber reporting seriously as part of their broader reporting duties, and by ensuring that cybersecurity is woven through operational, legal, regulatory, compliance and other functions. 

The report is divided into nine recommendations, with 24 associated suggestions, which call on stakeholders in industry, government, academia and civil society to: 

• Curate the UK’s cyber culture to drive growth and public participation in cyber skills and innovation. 

• Put leadership in the right places with industry-led national and place-based cyber growth roles.  

• Build on the UK’s places of cyber strength to collaborate on sensitive topics and chosen technology areas, and make time to create and anticipate cyber futures. 

The researchers found that there is real willingness within the UK cyber community to improve in these ways. This is vital, as partnerships between academia, government and industry will be critical to the UK staying ahead in the cyber race. However, there remains a challenge in achieving the above objectives due to the fragmented nature of the UK cyber community, with no single representative for combined stakeholder interests.  

How cross-disciplinary work shaped the project 

At CSEP, we were keen to involve more perspectives from the outset. Even though this was an original and independent piece of research, we welcomed the Department for Science, Innovation and Technology (DSIT) as a key stakeholder in order to shape the work. 

After working with DSIT colleagues to define the research question and set up the key relationships, the project was then led by Professor of Practice in cyber security Dr Simon Shiu at the University of Bristol. This is a key feature of CSEP’s cross-disciplinary work, outlining projects that we then put out to other universities and partners, to harness a diverse range of expertise and contribute to a stronger sector that can help to drive economic growth. 

What’s next for the research in the cyber sector 

The challenge now is execution. The next phase of our work focuses on turning strategy into action, which involves testing what works in different regions, supporting local leadership, and sharing best practice across the UK. For businesses, this is an opportunity to shape the future of the cyber sector.