As the UK prepares to publish its National Cyber Action Plan, a new report from the Royal United Services Institute (RUSI) warns that Westminster must adopt a far more interventionist approach to cyber security to protect the economy and national infrastructure.
Titled Rebooting the UK’s Cyber Strategy, the report highlights persistent weaknesses in Britain’s cyber posture and policy that cost the UK an estimated £14.7bn annually and leave critical national infrastructure exposed to increasingly sophisticated threats. High-profile incidents, such as the £1.9bn cyber-attack on Jaguar Land Rover, exemplify the growing financial and political risks facing the country.
RUSI research fellows Jamie MacColl and Joseph Jarnecki stress that while the UK has “strong institutional foundations and internationally respected policy frameworks,” the current approach has not kept pace with the scale and impact of modern threats. They warn that voluntary guidance, fragmented accountability, and weak enforcement leave organisations dangerously exposed.
The report calls for a decisive shift towards treating cyber resilience as a core component of economic security.
It urges the government to reframe its strategy around economic urgency, embed risk into corporate governance with board-level accountability, develop hybrid threat response models bridging cyber criminals and state actors, hold technology suppliers accountable for insecure products, and enforce regulations through properly resourced regulators.
Andy Ward, SVP International at Absolute Security commented: “Last year, NCSC reported a 50% rise in highly significant attacks, alongside our recent research highlighting that almost a fifth of organisations experienced operational disruptions that lasted as long as two weeks, with the majority facing downtime that lasted nearly five days, when hit with a cyber-attack.
Organisations that aren’t prepared to bounce back quickly face an almost existential crisis, as prolonged downtime can literally crush a business. Cyber-attacks are no longer a question of if but when. Therefore, both government and organisations must have a cyber resilience strategy in place, that enables them to identify threats, manage disruption effectively, and return to full service with minimal delay.”
Sawan Joshi, Group Director of Information Security at FDM Group, commented: “According to the NCSC, the UK is now experiencing four ‘nationally significant’ cyber-attacks every week. In this escalating threat landscape, it is essential that both Government and business take action to withstand rising risks.
Building true cyber resilience means prioritising continuous training and sustained investment in developing young cyber talent. Technology is vital, but it is the skills, readiness and adaptability of people that ultimately determine how effectively threats are mitigated and sensitive data is protected.”
MacColl said, “Weak cyber security undermines UK growth and national security. Future economic growth without cyber resilience is built on shaky ground.” The authors add that the National Cyber Action Plan presents a “golden opportunity” to reduce systemic harms, protect the economy, and strengthen national security—but only if security is treated as more than a technical afterthought.
