Government investment: short-circuiting potential

Ian Bowell at Thrive argues that the £16 million funding that makes up part of the UK Government’s cyber-security growth action plan won’t power the UK’s cyber-future on its own

 

The convergence of advanced threats and AI innovation is redefining where and how organisations are vulnerable. Readily available cyber-security tools are enabling bad actors to craft convincing phishing emails, develop ransomware and even deploy deepfakes to trick users into sharing sensitive information. The need for investment in cyber-security has therefore never been greater.

 

The UK Government’s Cyber Growth Action Plan (Cyber GAP) is a welcome signal of intent to power growth, designed to boost cyber-security startups, commercialise academic research and help homegrown innovation scale globally.

 

But the plan’s £16 million funding packages for startups, split between CyberASAP (Cyber-security Academic Startup Programme) and Cyber Runway, are strikingly modest for a sector valued at £13 billion. And while startups may be masters of doing more with less, underfunding risks bottlenecking innovation, slowing commercialisation and losing talent to better-resourced international ecosystems.

 

A step in the right direction

The UK’s investment in cyber-security via the Cyber GAP is a step in the right direction to improve national and global cyber-resilience. In terms of the structure of the plan, it’s really positive. The money is being split between CyberASAP to support research spin-outs (£10 million), with the remaining £6 million going on aiding cyber-security startups and SMEs to grow internationally.

 

The CyberASAP investment is key because it focuses on helping academics turn their groundbreaking cyber-security research into successful commercial startups. Academically, the UK is really strongly positioned to capitalise on this funding, with numerous universities involved in the field of quantum computing and AI research and development.

 

For example, The Alan Turing Institute was established by five founding universities to drive AI-related research, partnerships and collaborations. With 50 years of pre-AI progress anticipated for the next five years, AI appears certain to make cyber-security solutions more efficient and convenient. This £10 million injection will help ensure that leading research can reach the right industry professionals and help encourage a sustainable pipeline of new talent to join the sector in the process.

 

However, this £16 million figure overall pales in comparison to some international counterparts, particularly the US. Each year, the National Science Foundation invests about $250 million in research and development funding, having a beneficial impact on approximately 400 startups and small businesses across the country. The £16 million level of government funding will also struggle to permeate across other sectors and businesses in the UK such as healthcare, pharmaceuticals or other critical areas including manufacturing, meaning cyber-security innovation could be stifled in these industries.

 

Doing more with less

While the funding may not be the money tree the sector needs, there is an opportunity for startups to make the money they do have access to go further to ensure the UK doesn’t fall behind when it comes to cyber-security innovation. For example, public-private partnerships and co-investment models will help to bridge the gap.

 

Applying cyber-security technologies and services to healthcare, finance and critical national infrastructure can help amplify the funding’s impact. Aligning with urgent national initiatives, such as the much-needed modernisation of the NHS, can enhance the nation’s cyber-resilience in areas where it matters most.

 

And where government funding may be lacking, UK startups can position themselves competitively by aligning with relevant regulations. One such example is the NIST Zero Trust framework, which focuses on restricting user access and preventing cyber-attackers from causing havoc within networks. In theory, it will eliminate passwords and replace them with biometric protections such as face recognition and fingerprints, alongside unique keys on devices.

 

It’s a really well-thought-out framework because it can be applied across numerous platforms and in areas such as operational technology and critical infrastructure, including water and electrical systems. Prioritising investment in this area can position the UK as a trendsetter for scalable, resilient architectures. The US has released a detailed zero trust architecture specification paper, which offers 19 example architectures, providing a key starting point for businesses. It offers a great foundation that organisations can use as a template to get ahead in the UK.

 

The UK specifically is also taking a balanced approach to regulation, which is focusing on protecting businesses while maintaining operational efficiency at the same time. Against a backdrop of limited funding, this balanced strategy ensures that the region remains attractive to new businesses and jobseekers seeking a more pragmatic regulatory environment.

 

Ambition must be matched with scale

The Cyber Growth Action Plan is a strong signal of support for the UK’s cyber-security sector, and its emphasis on commercialising research and supporting startup growth is a promising development. But ambition must be matched with scale. With global threats evolving rapidly and AI accelerating the pace of change, the UK cannot afford to underfund its response.

 

To stay competitive, a broader and more sustained approach is needed, which should combine targeted government investment with deeper collaboration between academia, industry and the private sector. This will help to build a resilient, inclusive network with global reach. If the UK can strike that balance, it has the foundations in place to shape the next wave of cyber-security innovation and resilience.

 

---

 

Ian Bowell is Virtual Chief Information Security Officer at Thrive

 

Main image courtesy of iStockPhoto.com and BirgitKorber