Cyber security | UK Regulatory Outlook July 2025

UK government investment to boost cyber security sector 

The government published its much-anticipated Industrial Strategy, which sets out its ten-year approach to regulation and plans for increasing business investment in eight "growth-driving" sectors and the "frontier industries" that sit within them.  

In the Digital and Technologies Sector Plan, cyber security has been identified as one of the six frontier industries that will drive UK economic growth. The action plan includes substantial new funding to support the commercialisation of cyber research and investment in the National Cyber Innovation Centre, which aims to foster collaboration between business, government and academia in tackling emerging cyber threats.  

Similarly, the Cyber Growth Action Plan, which is expected to be published in summer 2025, will cover the supply and demand of cyber goods and services to identify new trends and opportunities for growth. Businesses should be aware of these developments as they signal a significant push towards enhancing cyber security capabilities, innovation and resilience. See the government press release. 

British Standards Institution guidance to help businesses manage cyber threats  

The British Standards Institution (BSI) has published Cybersecurity — Information and communication technology readiness for business continuity (BS ISO/IEC 27031:2025), an updated standard, which aims to offer companies a systematic approach to prevent, predict and manage IT disruptions during and after cyber attacks and other incidents.  

The revised standard, which is being updated for the first time since 2011, takes into account the increased use of cloud IT services, and the growing threat to commercial companies that are being targeted by cyber criminals through social engineering attacks, and includes updated methodologies for: risk management, incident response and continuity strategy implementation. 

See the press release for more information. 

Thematic findings from the 2024 Cyber Stress Test in the financial sector 

The Bank of England and the Prudential Regulation Authority (PRA) published a letter to PRA-regulated firms and financial market infrastructure firms (FMIs) outlining the findings of the Bank of England's 2024 Cyber Stress Test (CST24). 

The CST24 was a voluntary test which asked providers and users of wholesale services to model the impact of suspected, confirmed and longer cyber attack scenarios affecting the data integrity of transaction settlements, and attend workshops to discuss their response.  

The findings, which will be relevant to all firms and FMIs, should be used to improve firm and sector response and recovery capabilities and be considered alongside findings from operational resilience testing and implementation of operational resilience policies. 

All firms are expected to consider the implications of these findings for their own businesses, in particular to reflect on whether planning and preparation for potential incidents can be improved.