Westminster eForum

For booking-related queries or information on speaking please email us at info@forumsupport.co.uk, or contact us: +44 (0)1344 864796.

Next steps for cyber security policy and regulation in the UK

Morning, Monday, 23rd March 2026

Online


This conference will focus on next steps for UK cyber security policy and regulation as government, regulators, and stakeholders assess strategic approaches to tackling the evolving threat landscape, and with the Cyber Security and Resilience Bill progressing through Parliament.


Policy & latest developments
It will bring stakeholders and policymakers together to consider key issues for implementing the Government’s National Cyber Action Plan, expected in the new year, taking forward recommendations from the independent Cyber Growth Action Plan published in September 2025. With the Security Minister confirming the publication would be a business-first plan, we expect discussion on practical routes to enable innovation, drive sector‑wide capability, and reinforce resilience across critical national infrastructure, public services, supply chains, and individual organisations, including SMEs.


Finance & resource allocation
Investment and priorities for targeting resources will be considered, we expect particularly in the context of wider policy objectives for national security, infrastructure, and economic growth - looking at funding set out in the Spending Review for the National Cyber Security Centre and support for R&D through Queen’s University Belfast’s Cyber AI Hub.


Regulation & compliance
Planned sessions will discuss provisions in the Cyber Security and Resilience Bill, including how sectors and entities included in the proposed expanded scope of NIS Regulations might best demonstrate preparedness, as well as the way forward for defining critical suppliers, and approaches to implementation of new reporting obligations. Regulatory enforcement and sanction powers will also be discussed, including how the UK framework might remain responsive and internationally competitive.


Following the Government response to ransomware legislative proposals in July 2025, attendees will examine the potential impact of banning public sector ransom payments and introducing advance‑notice rules for private companies. Areas for discussion include how such measures might affect organisational decision‑making under pressure, coordination with law enforcement, and considerations for overall national resilience.


Leadership & governance
Sessions in the agenda are also expected to address priorities for organisational leadership, skills development, workforce diversity, and tackling regional disparities. Discussion will include the way forward for embedding secure‑by‑design principles into digital infrastructure, opportunities for AI and wider innovation, and strengthening collaboration through cross‑sector frameworks. The UK’s positioning internationally will also be considered, including alignment with NIS2 and DORA, and strategies to enhance competitiveness in global markets.


Overview of areas for discussion

  • policy: provisions in the Cyber Security and Resilience Bill - criteria for defining critical suppliers - legal and logistical risks for regulated entities under new reporting obligations
  • growth levers: the National Cyber Action Plan - the role of anchor institutions and private investors - priorities for regional capability and commercial scale‑up
  • response to ransomware: potential ban on public sector ransom payments - advance‑notice rules for private companies - risks of greater disruption or unintended targeting
  • design standards: strategic options for integration of security into digital infrastructure - sector‑specific expectations for default protections - support for legacy system transitions
  • organisational practice: leadership responsibilities for cyber risk - effective organisational culture frameworks for improving cyber risk management - governance pressures on exposed sectors
  • workforce readiness: priorities for skills pipelines - regional and demographic disparities in access to careers - fulfilling future requirements for specialist and cross‑disciplinary expertise
  • technology risk: interaction between AI capability and cyber threats - responsible deployment - addressing the potential for automated systems to both defend and escalate attacks
  • international: UK alignment with frameworks, such as NIS2 and DORA - competitiveness and interoperability - issues and opportunities for UK firms exporting cyber products and services


Keynote Speakers

Ben Lyons

Senior Director, Policy and Public Affairs, Darktrace

Professor Simon Shiu

Professor, Cybersecurity, University of Bristol; and Lead, Cyber Growth Action Plan report