Cyber resilience is something no business in Wales can afford to ignore. It’s not just a concern for the big players: a recent survey suggested that 72% of UK small businesses had experienced cyber crime during the previous two years. What’s more, instances of computer misuse rose by 89% during the Covid-19 pandemic, as many businesses ramped up their digital presence.
The financial consequences of a breach can be severe: 30% of small businesses reported that cyber crime had cost them more than £1,000 over the last two years. According to UK Government figures, the average cost of a single breach is around £1,100 – rising to £4,690 for medium and large businesses.
Cyber attacks can disrupt critical data and assets, impacting continuity and causing reputational damage. Businesses also face statutory penalties if they fail to take adequate security measures to protect data held on behalf of third parties, such as customers or suppliers.
Although threats are always evolving, most cyber attacks are relatively unsophisticated. Phishing – using scam emails, messages or phone calls to steal sensitive information – accounts for around nine in ten incidents. Achieving a basic level of protection need not be costly or complex, and a wealth of expertise to help you achieve this is available in Wales.
In 2023, the Welsh Government published the Cyber Action Plan for Wales – a shared statement of ambition, involving different sectors and stakeholders, to help Wales prosper through cyber resilience, talent and innovation.
The Plan outlines four priorities: growing Wales’ cyber security ecosystem, building a pipeline of cyber talent, strengthening cyber resilience and protecting public services.
The Welsh Government works closely with cyber security bodies within the country – such as the Cyber Resilience Centre for Wales – and outside its borders, sharing information and best practice. It maintains links with organisations including the UK Government, the UK National Cyber Security Centre, and law enforcement bodies throughout Britain and beyond.
Over the past two decades, Wales has developed a thriving cyber security ecosystem. Pete Burnap, Professor of Data Science and Cyber Security at Cardiff University and Director of Wales Cyber Innovation Hub, says: “We have a strong set of anchor tenants. Airbus, Thales, PwC and CGI are massive companies with a presence in South East Wales.
“Wrapped around these prime contractors are many other businesses: spin-out companies from academia, and around 60 SMEs specialising in cyber security. Our cyber cluster is continuing to grow and prosper.”
Businesses can find expertise across all sectors of cyber security within Wales, but there are three areas of particular strength. The first is in protecting operational technology (OT) – systems that control physical processes in manufacturing, power generation and other critical infrastructure. This has gained critical importance as more OT becomes connected to external networks (the ‘industrial internet of things’) and vulnerable to attack.
Wales is also recognised for its breadth of expertise in threat intelligence, monitoring, detection and analysis. A third specialism is in the human and behavioural side of cyber security – addressing the fact that cyber attacks exploit vulnerabilities in people as well as technology.
A strong culture of collaboration is key to the sector’s success. Well-established networks connect business, academia, law enforcement and defence. Umbrella organisations such as Cyber Wales ensure knowledge and ideas percolate freely through the industry, via clusters – informal networking groups – and a range of events and competitions.
Cyber Wales belongs to the UK Cyber Cluster Collaboration (UKC3) initiative, which funds and supports regional clusters and encourages collaboration across the United Kingdom. It is also a founding member of GlobalEPIC, a worldwide network cyber security communities.
The need for a diverse cyber ecosystem is well recognised in Wales. Industry surveys suggest women are still significantly under-represented in the workforce. Women in Cyber Wales is an organisation helping to address this imbalance, providing networking and mentoring opportunities as well as regular events.
Wales’ universities are vital nodes in the cyber ecosystem. They run highly regarded degree courses, host dedicated cyber research centres, and collaborate with leading businesses both inside and outside Wales. Cardiff University and the University of South Wales are among the few UK institutions recognised as Academic Centres of Excellence by the UK National Cyber Security Centre.
Among the most successful joint ventures is the National Digital Exploitation Centre (NDEC) – a partnership between Thales and the University of South Wales to develop talent, support local businesses and raise levels of cyber awareness. Another is Endeavr, bringing together the Welsh Government and Airbus Defence and Space in Newport, with the participation of Cardiff University, who represent the University sector in Wales, to develop innovative ideas for market. Both initiatives receive Welsh Government funding.
Prof Burnap says: “These are two very good examples of collaboration. The long-term partnership between Cardiff University and Airbus has led to new research being spun into the business, PhD students getting jobs at Airbus, and others using work placements as a springboard to jobs at other companies like PWC. The University of South Wales and Thales are involved in early-years education, making schoolchildren aware of cyber security.”
Home | Airbus Endeavr Wales - Accelerating the Welsh Economy
Also at the University of South Wales, the National Cyber Security Academy trains tomorrow’s front-line cyber specialists. Its degree courses encourage students to hone their skills on live projects, leading to qualifications accredited by the National Cyber Security Centre.
In terms of research, Cardiff University has the Centre for Cyber Security Research and the Airbus Centre of Excellence in Cyber Security Analytics. CYTREC, Swansea University’s Cyber Threats Research Centre, is a specialist cyber crime and cyber terrorism unit within the Hillary Rodham Clinton School of Law.
As well as making Wales more digitally resilient, a strong cyber ecosystem brings significant benefits to the nation as a whole. It contributes to economic growth, supports job creation across many high-value sectors, and helps Wales attract, develop and retain talent.
“Everyone benefits from this kind of innovation,” says Prof Burnap. “Investment in cyber security helps to upskill people in other vital sectors, such as fintech, manufacturing and medicine. Businesses become more resilient, and the cyber sector grows. It’s a great story.”
