Controlling the controllables - key takeaways from CYBERUK
Cyber Security • May 15, 2025 • Written by: Gareth Jones

CYBERUK 2025 in Manchester highlighted a crucial shift towards proactive cyber resilience in an increasingly interconnected world. Key discussions centred on moving beyond purely defensive strategies to focus on the ability to absorb and recover from inevitable cyber incidents. A major theme was "controlling the controllables" – prioritising internal security measures and best practices while preparing for external threats.
The event underscored the escalating sophistication of cyber threats, particularly with the rise of AI-enhanced attacks. Intelligence suggests AI will increase both the frequency and intensity of these threats, demanding a more agile and intelligent response. Supply chain security also remains a critical focus, emphasising the interconnectedness of systems and the need for vigilance across all partners.
To bolster this resilience, the NCSC has launched new assurance initiatives. These schemes likely incorporate a Principle Based Assurance (PBA) approach. PBA focuses on achieving desired security outcomes and adhering to overarching security principles rather than strictly complying with a checklist of specific controls. This allows for greater flexibility and context-specific implementation, promoting innovation and adaptation as the threat landscape evolves. Key benefits of PBA include:
- Flexibility and adaptability: organisations can tailor their security measures to their specific context.
- Focus on outcomes: the emphasis is on achieving real security improvements rather than simply ticking boxes.
- Encourages deeper understanding: it promotes a more thorough understanding of security risks and how to mitigate them effectively.
- Supports innovation: organisations have more freedom to adopt new technologies and approaches as long as they meet the underlying security principles.
- Long-term effectiveness: by focusing on fundamental security goals, it can lead to more sustainable and robust security practices.
Navigating this evolving landscape and implementing effective cyber resilience, especially through a principle-based approach, can be complex.
At Methods, we partner with organisations to understand their unique challenges and build tailored security strategies that truly enhance their resilience. We believe in a proactive and adaptable approach, aligning with the key themes of CYBERUK 2025 and the principles underpinning the NCSC's new assurance initiatives.
Several key challenges within UK cyber security align with these takeaways.
Firstly, building true cyber resilience requires a holistic approach that extends beyond technology to encompass people and processes. Secondly, keeping pace with the evolving threat landscape, especially AI-driven attacks, demands continuous learning and adaptation. Thirdly, addressing supply chain vulnerabilities necessitates greater collaboration and standardisation across the ecosystem. Finally, more advanced controls like multi-factor authentication and incident response planning still need wider adoption across the board.
Ultimately, CYBERUK 2025 reinforced that effective cyber security in the UK requires a proactive, resilience-focused mindset, strong collaboration, and a commitment to continuous improvement, supported by initiatives like those from the NCSC and expert partners like Methods, to counter the ever-evolving threats.
Be safe!