Header image

The Interrelationship Between Cybersecurity and Business Resilience: A New Policy Imperative

New cybersecurity and resilience think tank launches with clear aims.


At the start of December, SC UK attended the launch of a new think tank, aiming to make a change in government policy around the considerations of cybersecurity and business resilience.

In fact that organisation has named itself the Center for Cybersecurity and Business Resilience (CSBR), and at its launch, chief executive James Morris said “cybersecurity and resilience underpin everything that we do” in business.

Coalition Government

Speaking at the launch at the House of Lords, Morris - a former Conservative member of Parliament for Halesowen and Rowley Regis - said when the coalition government produced the first cybersecurity strategy, the international social political context was very different to what we face today.

“It feels like a kind of golden age from the past, and the cybersecurity strategy has been developed and iterated and changed and there have been subsequent strategies, but the macro environment we face today is uniquely challenging,” he said.

With cybersecurity and business resilience now inextricably linked, the CSBR aims to shape policies that will strengthen cybersecurity and resilience across sectors, ensuring that businesses, governments, and individuals can navigate a world fraught with uncertainty and risk.

Morris said at the launch that the CSBR is “essentially sitting at the centre of a network and we want to collaborate and influence business, whether that's large, corporate transnational businesses or small businesses.”

He said: “We want to collaborate with academia where there's lots of vital research happening in this area. We want to interact with the broader policy making community government, not just in the UK, but around the world in order to face up to the big challenges.”

First Policies

Speaking of challenges, the first policies that the CSBR aims to tackle are around AI and healthcare, and of course cybersecurity and business resilience. The Cyber Security and Resilience Bill was announced by the Government as part of September’s King's Speech, and Murray called it “a major intervention to update the law around cyber and resilience.”

He said: “We want to bring experts together to make recommendations so that when published, the Bill will meet current and, critically, future challenges. We’ll be considering issues such as what might be missing from the bill and how we anticipate it might need to be strengthened.”

He admits that by having this debate about its contents now, he hopes it will reduce the later possibility of a Bill that doesn’t quite fulfil either its needs or its potential.

The other policy programme that has been announced for Q1 2025 is around AI and healthcare, and how the healthcare system can be infused with AI to maximise the impact on efficiency and productivity - but without compromising governance and data security. 

Murray said: “What changes need to be made? What approach should the Government be taking? How does the UK compare to other countries?  What issues does the use of AI in healthcare raise for cybersecurity in the NHS in general and for data security in particular? By bringing together top experts who can answer questions like these, and then making their knowledge available to the powers-that-be, we hope to help accelerate the successful, secure introduction of more AI into our NHS.”

At the launch event, Murray said “getting it right on cybersecurity and resilience is absolutely critical to our economic resilience” as well as to our social resilience, and to our national security.

He admitted that the discussion should not be purely technical, but be both a business discussion and an existential discussion “about how we protect citizens and allow them to live what kind of life they want to live.”

Operating Points

We asked what the CSBR plans to operate with parliament and affect policy? Speaking to SC UK, Murray says the way he sees the centre starting is by producing a whitepaper, and creating discussion points which need to be addressed.

“So for example with AI and healthcare, it's about what the implications are for the NHS to get AI working in different ways to improve efficiency, and what are the implications for that around your individual systems,” he says. From this, a diverse group will be brought together to offer different perspectives on the problem, and that will be used to determine common points.

“Then from all of that, we will produce specific policy recommendations which we will take to the All-Party Parliamentary Group (APPG), and to individual MPs who want to take it forward.” 

This will formulate opinion on these policies, where CSBR can say “this is our perspective, these are our recommendations, we think you should be looking at this.”

He says: “We want to influence parliamentary opinion, we want to influence a policy making view, we want to get business engaged in the discussion. It's seeking to influence opinion on a number of different levels within Parliament because getting people to talk about it in Parliament is an important way of getting ideas and getting policy recommendations onto the agenda.”

It has certainly been the case in the past that cybersecurity think tanks have affected the way we work: the Jericho Forum is a great case in point. With the CSBR, it is advocating for a cybersecurity and resilience policy that is dynamic, forward-thinking, and aligned with current technological advancements.

Also the CSBR is dedicated to fostering public dialogue about cybersecurity and business resilience, aiming to ensure that the policies developed are not only technically sound but also widely understood and supported by the public.


Dan Raywood
Dan Raywood Senior Editor SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.

Dan Raywood
Dan Raywood Senior Editor SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.

Upcoming Events

No events found.