UK Cybersecurity Regulatory Outlook for July 2025
The Bank of England and the Prudential Regulation Authority (PRA) have published a letter outlining the findings of the Bank of England's 2024 Cyber Stress Test (CST24). While the specific findings from the financial sector's cyber stress test were not detailed, the report highlighted thematic findings related to cyber security [1].
In a move to strengthen the UK's cybersecurity landscape, the government has launched the Cyber Growth Action Plan in June 2025. The plan, with a funding of £16 million, aims to support cyber security innovation, primarily for small to medium-sized businesses and startups. It seeks to provide smarter, affordable cyber tools, enhance cyber security skills, and increase opportunities to collaborate with growing cyber security companies [1][3]. The comprehensive recommendations and terms of reference for the broader Cyber Growth Plan, led by Bristol University and Imperial College London, are expected to be published later in the summer of 2025 [4].
Recognising the growing threat of cyber attacks, the UK government has identified cyber security as one of the six frontier industries in its Industrial Strategy. The strategy includes substantial new funding for the commercialisation of cyber research and investment in the National Cyber Innovation Centre [2]. The government's Digital and Technologies Sector Plan also includes updated methodologies for risk management, incident response, and continuity strategy implementation, as outlined in the revised standard by the British Standards Institution (BSI) [2].
The revised standard, BS ISO/IEC 27031:2025, offers companies a systematic approach to prevent, predict, and manage IT disruptions during and after cyber attacks. It takes into account the increased use of cloud IT services and the growing threat of social engineering attacks on commercial companies [2].
All firms and financial market infrastructure firms (FMIs) are encouraged to consider the implications of these findings for their own businesses, reflecting on whether planning and preparation for potential incidents can be improved [1]. The Regulatory Outlook series provides high level summaries of important forthcoming regulatory developments in various sectors, including cyber security [1].
The UK government's Industrial Strategy and the British Standards Institution's updated standard can be found online [2]. For more information about the Cyber Growth Action Plan and its expected recommendations, stay tuned for the summer of 2025.
References: 1. Gov.uk: Cyber Growth Action Plan 2. Gov.uk: Industrial Strategy and British Standards Institution 3. Cyber Growth Partnership: Cyber Growth Action Plan 4. Tech Nation: Cyber Growth Partnership
- The government's Industrial Strategy, which identifies cyber security as a frontier industry, includes substantial funding for the commercialisation of cyber research, aiming to support innovation in cybersecurity, particularly for small to medium-sized businesses and startups.
- In the financial sector, all firms are encouraged to consider the implications of the Cyber Stress Test findings, reflecting on whether their planning and preparation for potential cyber incidents can be improved, as part of a move to strengthen the UK's overall cybersecurity landscape.
