How could interventions be improved to reduce cyber risks posed by organisations and the economy? Do some interventions work better for some sectors, sizes or maturities of a company? How can we best visualise this and classify? Does organisational structure play a role in how effective certain interventions are? Is there a need for different types of intervention for different sectors and structures?

Background

In order to ensure the UK is well protected now and in the future we need to build upon our existing knowledge of cyber security risks and the resilience of software supply chains and are working to identify which mitigations the government can leverage to ensure the UK is well protected now and in the future.

We’re also assessing the impact of these mitigations in driving enhanced security measures. A key area of research interest therefore is understanding the consequences of requiring higher levels of cybersecurity for products and digital services sold in the UK. Strengthening this evidence base will help shape and inform future policy work around the regulation of products and business requirements for cyber security.
Some technologies are critical to cyberspace. To build and sustain competitive edge in cyber-related technologies we need a coordinated, rigorous and consistent approach to identify and analyse critical areas of science and technology and prioritise national effort. CSDI is interested inbeing able to better anticipate the science and technology developments most vital to UK cyber power and in analysing thebe opportunities and risks related to those developments.

It is crucial to ensure that digital identity solutions are both secure and inclusive. The directorate seeks to gather further evidence on how best to enable more inclusive digital identity services whilst maintaining robust security measures. Digital identity solutions enable a person to prove something about themselves for the purposes of a transaction, an eligibility check or accessing services. This includes verifying a person’s age when purchasing age regulated products, when undertaking pre-employment checks or opening a bank account. The government is not mandating specific approach, but instead has committed to setting outcomes-based standards in the form of the UK digital identity & attributes trust framework. (https://www.gov.uk/government/publications/uk-digital-identity-and-attributes-trust-frameworkbeta-version/uk-digital-identity-and-attributes-trust-framework-beta-version)
Organisations that adhere to these standards and agree to oversight from the Office for Digital Identities and Attributes (OfDIA) will receive a trust mark, so that businesses and individuals can be confident that their digital identity solution is safe and secure.

Next steps

If you are keen to register your interest in working and connecting with DSIT Digital Technology and Telecoms Group and/or submitting evidence, then please complete the DSIT-ARI Evidence survey - https://dsit.qualtrics.com/jfe/form/SV_cDfmK2OukVAnirs.
Please view full details: https://www.gov.uk/government/publications/department-for-science-innovation-and-technology-areas-of-research-interest/dsit-areas-of-research-interest-2024

Related UKRI funded projects


  • Research Institute in Science of Cyber Security (RISCS) Phase 2

    The Digital Economy is a key part of the strategy for UK economic growth. But as more businesses move into the digital space, they need to be able to protect their assets (such as their Intellectual Property) and process...

    Funded by: EPSRC

    Why might this be relevant?

    The project focuses on developing security solutions for modern organizations and measuring the impact of security measures, aligning with the question's emphasis on improving interventions to reduce cyber risks.

  • Cyber Security Cartographies: CySeCa

    "The growth of the internet has been the biggest social and technological change of my lifetime [...] It will have a huge role to play in supporting sustainable development in poorer countries. At the same time our ...

    Funded by: EPSRC

    Why might this be relevant?

    The project aims to explore how security managers select control combinations and visualize compliance behaviors, directly addressing the question's inquiry into the effectiveness of interventions and organizational structures.

  • Cyber-R: Securing Businesses through Generative AI-based Adaptive Cyber Resilience Service

    According to the UK Cyber Security Breaches Survey 2024, UK businesses faced approximately 7.78 million cybercrimes over the past year, with phishing attacks accounting for 84% of these incidents. Additionally, 50% of bu...

    Funded by: Innovate UK

    Lead research organisation: UNIVERSITY OF WOLVERHAMPTON

    Why might this be relevant?

    The project addresses the need for improved interventions to reduce cyber risks for businesses, specifically focusing on automated and customisable cyber resilience plans.

  • CyberSecurityAId: Empowering Small Businesses with Cyber Hygiene

    CyberSecurityAId is a pioneering project looking to revolutionise the cybersecurity landscape for small businesses in the United Kingdom. This transformative initiative is driven by a clear and compelling motivation: to ...

    Funded by: ISCF

  • Enhancing Cyber Resilience of Small and Medium-sized Enterprises through Cyber Security Communities of Support

    Small and Medium-sized Enterprises (SMEs) are a vital element of the economy, accounting for 99.9% of UK businesses, generating three fifths of employment and turnover of £2.3 trillion. They are a crucial asset req...

    Funded by: EPSRC

  • Cyber hygiene self-assessment maturity tool

    Cyber hygiene is defined as the practices that should be implemented and carried out regularly to protect users and businesses online. Cyber security is crucial for empowering small and medium enterprises (SMEs) as cyber...

    Funded by: ISCF

  • System Security Modeller

    "With online banking and shopping being ever more critical to our daily lives and health data increasingly going online, protecting the security of our IT systems has never been more important. We have a cyber-secu...

    Funded by: Innovate UK

  • CyberSecurityAId: Empowering Small Businesses with Cyber Security Skills

    CyberSecurityAId is an AI-powered, conversational tool designed to help SMEs identify potential cybersecurity threats and take appropriate actions to mitigate them. The tool provides tailored recommendations and real-tim...

    Funded by: Innovate UK

  • Strengthening the Local Business Community Resilience to Cyber Incidents and Reducing the Regional Cyber Skills Gap.

    The [NEBRC][0] is a not for profit private company limited by guarantee. We are a unique partnership between police, academia and corporate business that exists to help businesses mitigate business cyber risks. Our miss...

    Funded by: Innovate UK

  • Scalable Cyber Interventions Accelerating Productivity Practice for SMEs

    Micro, small and medium enterprises (SMEs) are a vital part of the UK economy, but the share of high-productivity UK SMEs remains substantially lower than other G8 countries. There is growing evidence that a barrier to S...

    Funded by: Innovate UK