Coffee shops and critical national infrastructure (CNI) providers alike have been tasked by the National Cyber Security Centre (NCSC) to protect themselves against online harms. It comes as the NCSC Annual Review 2025 found ‘highly significant’ attacks to seriously impact central government, UK services, the public or economy have grown 50% – a rise for the third year.
To prevent this, the Department for Science, Innovation and Technology (DSIT) and innovation and growth company Plexal have launched the Cyber Runway CNI programme. This is in accordance with the Cyber Growth Action Plan to grow a thriving cyber security sector that enables the UK to be the safest country online, while simultaneously changing the national culture for better risk awareness and management.
Funded by DSIT and delivered by Plexal, Cyber Runway CNI has welcomed six SMEs to contribute capabilities towards strengthening the UK’s critical national infrastructure against evolving cyber threats. The CNI programme will bridge the gap between cutting-edge UK cyber innovation and the urgent security needs of sectors such as energy, water, telecoms, transportation and data centres.
Plexal and DSIT have also sourced CNI representatives holding roles such as CISO to provide direct first-hand perspectives of challenges they’re facing. CISOs will benefit from access to vetted SME solutions, understanding how they can be applied to their problem areas.
This cross-sector collaboration will provide clarity to all parties, covering a range of themes. SMEs will have access to CNI buyers, investment valuations, growth strategies and more, while CNI peers will receive innovation discovery, regulatory awareness, supply chain resilience and beyond.
Diane Gilbert, Senior Innovation Lead for Programmes at Plexal, says: “At Plexal, we understand there’s an abundance of UK cyber businesses developing powerful solutions to combat online threats but finding a route to market – especially involving large firms – isn’t straightforward. On the other side, we’ve seen so many high-profile industry attacks throughout this year, the NCSC has declared ‘cyber risk is no longer just an IT issue, it’s a boardroom priority’.
“Cyber Runway CNI is positioned to improve the resilience of organisations that are critical to a functioning British society. We’re working together with cyber SMEs and critical operations to build sovereign cyber capability. We’ll achieve this by accelerating the adoption of British security solutions across CNI sectors to enhance resilience, regulatory readiness and supply chain integrity.“
The SMEs selected for Cyber Runway CNI include:
APIContext provides an API monitoring and governance platform to help enterprises ensure performance, security and compliance across mission-critical APIs. By combining real-time visibility with automated conformance checks, APIContext empowers organisations to deliver reliable, standards-compliant APIs that build customer trust.
CloudPeek’s AI-native cloud security platform is designed to protect high-consequence organisations across government, defence and critical infrastructure. By combining agentic AI, contextual risk analysis and automated remediation, CloudPeek supports teams to detect vulnerabilities, reduce exposure and maintain compliance with speed.
Goldilock’s FireBreak cyber security solution delivers instant, remote and physical network isolation without relying on internet-based controls. By enabling organisations to proactively disconnect critical systems on demand, FireBreak eliminates attack surfaces and stops ransomware to drive cyber resilience across IT, OT and critical infrastructure.
Hacktonics introduces cyber security training tailored for industrial control systems, empowering critical infrastructure sectors to defend against evolving threats. With hands-on courses and bespoke programmes, Hacktonics connects theory and practice, ensuring resilience for water, energy and transportation networks.
KETS Quantum Security provides chip-based quantum-safe solutions, including quantum key distribution and quantum random number generators (QRNG). Designed to protect critical infrastructure, telecoms and defence against quantum-era threats, KETS delivers scalable, ultra-secure encryption systems that ensure resilience and trust in an evolving digital world.
Praeferre’s AI-powered compliance and data privacy platform simplifies regulatory governance and secure digital ecosystems for enterprises worldwide. By integrating blockchain-based consent management, real-time policy enforcement and zero-trust data flows, Praeferre empowers organisations to adopt AI safely, prevent cyber attacks and build trust through transparent, ethical data practices.
