In this week’s bulletin, Charlie discusses the recent CYBERUK conference and highlights key takeaways from the conference.

This week I’ve been at the CYBERUK Conference in Manchester, and I thought I’d use the opportunity to share my impressions of the cyber industry, based on what I saw and heard at the event. As PlanB Consulting had a stand at the conference, I wasn’t able to attend all the talks—so these thoughts are mostly drawn from my observations and conversations with the exhibitors around us.

This conference is a little different to the usual vendor-led events. It’s not so sales-focused, but rather a place where the big players—Google and others—meet government agencies and senior leaders from across the industry.

One of my first impressions upon arriving was the sheer level of security: guards everywhere, police sniffer dogs, and anti-ram bollards. When I last attended two years ago, it certainly didn’t feel this elaborate. Even the networking drinks on the first night had specially built barriers to prevent car bombs or ramming incidents. Pat McFadden, Chancellor of the Duchy of Lancaster, was among the speakers—but even after he’d left, the heavy security presence remained. Clearly, the government sees cyber professionals as assets worth protecting.

Overall, I felt the cyber security industry was in good health. More than 1,000 people attended, and the exhibition featured a real who’s who of vendors, with all the big names represented. That said, one thing a few of us noticed was the lack of a ‘killer application’ or an exciting new gizmo that everyone was flocking to see. Yes, there were more AI-driven tools and secure communications platforms, but nothing that seemed to capture the imagination of the delegates. Perhaps that’s a sign of a maturing industry—where real innovation is harder to come by. Maybe quantum computing will be the next big thing, and next year we’ll all be talking about that.

In the keynote speeches and the Minister’s address, there were no major announcements, but the ongoing threat from China was reinforced. They also made the point that, because of the trade we have with China, we have to maintain relations with them. One key message—echoing what we’ve discussed on a bulletin before —was about the long-term impact of cyber incidents. On average, it takes two weeks post-attack to get any sort of working systems back in place, nine months to return to a functional state, and up to three years to fully recover. Attacks like those on M&S or Co-op quickly disappear from the headlines, but the slow and complex road to recovery continues long after.

Here are a few other points that stood out:

• For the first time, there was a real push on training and exercising—music to our ears, since that’s what we were promoting at our stand.
• SaaS usage is growing at 20% per year. Are we doing enough due diligence? Do we really understand the risks involved?
• Software and security are moving towards autonomy. One speaker warned that we soon won’t fully understand the systems we’re operating in. This is expected—but the implications are worth thinking about now.
• We need to understand what we can and can’t control.

In conclusion, the cyber industry is in good shape. But if you weren’t at the conference and were hoping to hear about a groundbreaking new tool or application—you didn’t miss anything.