The UK government has announced a £16 million investment to accelerate the country’s cyber security sector following recent high-profile attacks on Marks & Spencer, the Co-op and Harrods. The move is part of a broader strategy to bolster national resilience while positioning cyber as an economic growth engine.
Unveiled by the Department for Science, Innovation and Technology (DSIT), the package includes £10 million for CyberASAP — a programme to commercialise academic research — and £6 million for Cyber Runway, which supports early-stage scale-ups. The government estimates this will help create 25 new companies and attract a further £30 million in private investment by 2030.
Ministers say the aim is to secure both the country’s digital backbone and its long-term industrial competitiveness. “Cyber security is essential to our economic strength and national resilience,” said cyber minister Feryal Clark, while Chancellor of the Duchy of Lancaster Pat McFadden highlighted the potential for “high-skilled, high-paid jobs” in the sector.
The announcement follows a string of damaging cyber incidents across critical sectors, including retail. M&S confirmed this month that it had suffered a major ransomware breach via a third-party supplier — identified as a “highly sophisticated” attack involving social engineering and SIM swap techniques. The disruption forced the retailer to suspend online orders for weeks, with total profit impact estimated at £300 million.
Want the full story?
Our Business Quarter Executive deep-dive explores what’s really fuelling the wave of retail breaches — and why cyber defences alone won’t cut it.
The company has since resumed partial service, with full online operations expected to return in July. At its peak, the incident wiped over £750 million from M&S’s market value and sent its share price tumbling more than 13%. Cleanup efforts involved restoring thousands of affected applications and servers — a process M&S described as its most significant IT overhaul in recent years.
The Co-op and Harrods were also reportedly targeted, though details remain limited. Cyber threats have increasingly hit consumer-facing firms with extensive digital infrastructure but historically lower levels of cyber investment.
The new funding forms part of the government’s broader ‘plan for change’ industrial strategy and is accompanied by a commissioned economic review of the cyber sector. Led by Professor Simon Shiu of Bristol University, the review is intended to inform the next National Cyber Strategy due later this year.
Additionally, the UK’s Cyber Advisory Board has been relaunched to guide public sector cyber resilience. Board members include senior leaders from BAE Systems, Santander, Amazon Web Services, Microsoft and Google DeepMind — a cross-section of the defence and tech sectors tasked with helping shape the upcoming Cyber Resilience Bill.
Business opportunity is central to the government’s messaging. New research from cyber firm ESET suggests UK businesses are now generating an estimated £27 billion annually in additional revenue thanks to improved cyber credentials. More than half of surveyed companies reported increased turnover, often due to access to new markets and clients with stricter cyber requirements.
The fund is part of a growing trend among governments to treat cyber not just as a defence concern but as a strategic growth sector. With high-profile breaches becoming more common, the UK’s approach appears to recognise that national resilience and industrial innovation are increasingly two sides of the same coin.
