CYBERUK brought together the UK’s cyber security experts – here’s what they were talking about
The end of April saw NCSC mark its 10th anniversary by hosting CYBERUK – a major cyber security conference that draws together over 2,500 leaders and professionals in the space. As one of the flagship events of its type in the UK, it presents a valuable opportunity to gain insight into the topics and discussions that are top of mind for those at the forefront of cyber security.
Key takeaways:
- Ongoing geopolitical uncertainty underlines the need for a security baseline
- Traditional defences still work against emerging technologies
- Anthropic’s Mythos is impressive – its marketing even more so
- Effective vulnerability management relies on a targeted approach and smart automation
- New and existing challenges must be faced head-on to ensure we’re not burying our heads in the sand
Attending CYBERUK as one of Conscia’s cyber security specialists, Peter Jones took the opportunity to listen to the keynote sessions and engage in individual conversations with attendees and exhibitors. Over the course of the event, a number of common themes became apparent – helping to paint a picture of the cyber security industry at large, its concerns in the present, and where our attention should be focused going forwards.
How geopolitical uncertainty is reshaping cyber security strategies
The event’s keynote sessions focused on the increasing geopolitical uncertainty we’ve been seeing in recent years – and ramping up again in the past few weeks – and its effect on the broader cyber security landscape. In order to protect national infrastructure and assets, it was emphasised, certain steps must be taken:
- Critical national infrastructure (CNI) and public sector organisations must be required to meet a baseline level of cyber security maturity.
- This should be validated by an NCSC-assured assessor, rather than relying on self-reporting.
- To ensure adherence, such a baseline would ideally become mandatory for these organisations in the coming months.
Given the increasing maturity and threat from foreign state actors, such a move is critical – though the organisations themselves will likely need substantial guidance to be able to meet the requirements.
Data sovereignty was another prominent theme, dovetailing with the concerns around global unrest. Primarily focusing on enabling secure, controlled data sharing capabilities with allied nations, it was a frequent touchstone across both the keynotes and individual exhibitor discussions. The digitisation of our data has already delivered substantial social and economic benefits for areas such as healthcare and government, but without the strong protections that data sovereignty delivers, we increase the likelihood that this same data will be stolen or leaked, leading to its potential exploitation for economic, political, or social gain.
Traditional security controls still work against AI attacks – with one key addition
At any cyber security conference, there will naturally be extensive discussion on the nature and scale of attacks that organisations are currently facing. In the last couple of years, AI has enabled attackers to automate large parts of their attack chain, supercharging the number and size of attacks that any one actor can conduct at one time. However, while the increase in size and scale of the attacks is noteworthy compared to what we were seeing just a few years ago, it’s equally important to stress that the nature of the attacks hasn’t changed, and the same traditional defences remain effective.
Despite the evolution of AI-assisted cyber attacks, the following best-practice principles remain important cornerstones to any effective defence:
- Zero trust security models
- Network segmentation
- Security awareness training
- Strong identity and access controls
- Consistent and rapid patch management
- Endpoint detection and response (EDR)
- Continuous monitoring and threat detection
There is, however, one key addition to note: in the same way that it has supercharged cyber attacks, automation is now also a vital part of an organisation’s defence in order to keep up with the speed of modern threats.
CYBERUK was also held shortly after the AI startup Anthropic announced that its Claude Mythos model would be withheld from public access due to concerns that its abilities could pose a threat to global cyber security. Given the international press coverage this announcement received, Mythos’ reported capabilities were a frequent topic of conversation at the event. That said, the takeaway should perhaps be around the efficacy of Anthropic’s marketing more than its models – while Mythos has uncovered previously undiscovered vulnerabilities in widely used software, in real-world environments there are often more straightforward attack vectors that would be targeted instead. As offensive security specialist Jamieson O’Reilly put it to The Guardian, “We have spent over 10 years gaining authorised access to hundreds of organisations – banks, governments, critical infrastructure, global enterprises […] the number of times we needed a zero-day vulnerability to achieve our objective was vanishingly small.”
The bottom line is that the dangers of AI-aided cyber attacks are very real, but – for the moment at least – they continue to follow the same rulebook as traditional attacks, and so can be stopped with the same defences.
Vulnerability management is moving away from blanket patching
The talk around Mythos’ unearthing of new zero-day vulnerabilities naturally segued into conversations around vulnerability management in general. It’s now more important than ever to maintain a clear and accurate understanding of your entire estate and all connected assets. In addition, it was suggested to move away from blanket patching all CVEs rated 7 and above, in favour of risk-based vulnerability management – a more targeted approach that prioritises vulnerabilities that are both exposed and exploitable.
With automation becoming increasingly essential to achieve the speed required for effective patching, a reliance on manual processes means that organisations can be left exposed – particularly as vulnerabilities can be exploited and backdoors established almost immediately after disclosure.
Facing challenges head-on
While the individual concerns were reflective of the fast-paced and evolving nature of the cyber security industry, an overarching theme for the event could be summed up by attendee Margaret Heffernan in her highly regarded 2011 book Wilful Blindness: “You cannot fix a problem that you refuse to acknowledge.” The specific pressures and priorities of CYBERUK may evolve year on year, but identifying, acknowledging, and confronting an issue is the only sure-fire approach to tackling it effectively.
Frequently asked questions
What is CYBERUK?
Hosted by the NCSC, CYBERUK is the UK government’s flagship cyber security event, with over 2,500 attendees each year. This year’s theme was ‘The next decade accelerating our cyber defence’.
How are AI-assisted attacks different to traditional ones?
While methods of cyber attack constantly evolve – whether AI-assisted or not – at present the major differences between the two are a matter of speed and scale, thanks to the automation that AI enables. Underneath the hood, however, the attacks continue to rely on the same weaknesses as most common cyber attacks – and can be defended against in the same way.
What is risk-based vulnerability management?
Because the Common Vulnerability Scoring System (CVSS) is based solely on the technical characteristics of the vulnerability, basing patching decisions solely on these scores can leave an organisation with an overwhelming number of vulnerabilities to address – many of which may not present a direct business risk to the individual organisation.
Rather than patching based on the CVSS score, risk-based vulnerability management prioritises instances where vulnerabilities are exposed, exploitable, and would have a direct business impact.
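To make the contrast concrete, here is an added example (not from the original article or any vendor tool) that runs a blanket "CVSS 7 and above" policy and a risk-based ordering over the same constructed findings. The tier rules, field names and placeholder identifiers are assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    cve: str                 # placeholder identifier, not a real CVE
    asset: str
    cvss: float              # CVSS base score
    internet_exposed: bool   # reachable from outside the estate
    exploit_known: bool      # exploitation observed / public exploit (assumed feed)
    business_critical: bool  # asset supports a critical business service

# Constructed sample findings for illustration only.
FINDINGS = [
    Finding("CVE-PLACEHOLDER-1", "vpn-gateway", 6.5, True, True, True),
    Finding("CVE-PLACEHOLDER-2", "build-server", 9.8, False, False, False),
    Finding("CVE-PLACEHOLDER-3", "hr-portal", 8.1, True, True, True),
    Finding("CVE-PLACEHOLDER-4", "lab-printer", 7.5, False, False, False),
    Finding("CVE-PLACEHOLDER-5", "intranet-wiki", 7.2, False, True, False),
    Finding("CVE-PLACEHOLDER-6", "payments-api", 5.9, True, False, True),
]

def blanket_queue(findings, threshold=7.0):
    """Blanket policy: everything at or above the CVSS threshold, highest first."""
    hits = [f for f in findings if f.cvss >= threshold]
    return [f.cve for f in sorted(hits, key=lambda f: -f.cvss)]

def risk_tier(f):
    """Assumed tiers: 0 = exposed + exploitable + business impact; 3 = least urgent."""
    if f.internet_exposed and f.exploit_known:
        return 0 if f.business_critical else 1
    if f.exploit_known or (f.internet_exposed and f.business_critical):
        return 2
    return 3

def risk_based_queue(findings):
    """Order by risk tier first; CVSS is only a tie-breaker within a tier."""
    ranked = sorted(findings, key=lambda f: (risk_tier(f), -f.cvss))
    return [(f.cve, risk_tier(f)) for f in ranked]

def missed_by_blanket(findings, threshold=7.0):
    """Tier-0 findings that the blanket threshold never queues at all."""
    queued = set(blanket_queue(findings, threshold))
    return [f.cve for f in findings if risk_tier(f) == 0 and f.cve not in queued]

if __name__ == "__main__":
    print("blanket:   ", blanket_queue(FINDINGS))
    print("risk-based:", risk_based_queue(FINDINGS))
    print("missed:    ", missed_by_blanket(FINDINGS))
```

On this sample, the blanket policy puts an unexposed 9.8 at the top of the queue while never queuing the exposed, exploited 6.5 on the VPN gateway; the risk-based ordering places that finding in the first tier.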
Why is data sovereignty important in cyber security?
Where data is created, processed, and stored ultimately dictates which nation’s rules and regulations it is subject to – an important consideration as systems are increasingly based in the cloud. By maintaining data sovereignty, organisations can ensure that their data remains subject to that country’s laws around cyber security, data privacy, and more.
Peter Jones
Cyber Security Specialist, CISSP, CISM, CCSP
Peter Jones is a Cyber Security Specialist at Conscia UK. He has been in the IT industry for over 30 years, providing consulting and advisory services to both Commercial and Public Sector Accounts throughout Europe. Having previously worked for both Cisco and Microsoft, Peter combines professional and academic achievements with real world experience to support our UK business. He currently holds CISSP, CISM and CCSP certifications.