At the end of last year, Plexal convened CISOs from the critical national infrastructure (CNI) community at BT’s Adastral Park for our CNI Needs Accelerator event. CISOs sat alongside cyber security SMEs, government stakeholders and industry for a discussion about enhancing the resilience of UK CNI.
“Now’s the time to step up in domains like critical national infrastructure and deliver economic growth and resilience for the UK as a priority because, as the NCSC reported, we’re being hit by highly significant attacks,” said Plexal CEO Andrew Roughan. “This economic growth and reinforced security will in turn create a crucial social dividend of high value jobs, equity and equality in communities we serve.”
Our event ran in alignment with our delivery of the Cyber Runway CNI programme on behalf of the Department for Science, Innovation and Technology, through which our aim is strengthening the UK’s critical national infrastructure against evolving cyber threats. We’re working to achieve this by bridging the gap between the cyber capabilities of SMEs and the security needs of sectors such as energy, water, telecoms, transportation and data centres.
Building on this mission, Plexal has assembled the CNI community once again – having hosted the Cyber Runway CNI Resilience Exchange in the cyber, technology and national security ecosystem of Cheltenham.
The purpose was to deepen cross‑sector collaboration by providing a platform to identify technology solutions, hear government policy insights and recognise how CISOs operate.
An innovation snapshot
Members of the Cyber Runway CNI cohort first showcased their innovations, which are designed to tackle key CNI problems.
- APIContext provides an API monitoring and governance platform to help enterprises ensure performance, security and compliance across mission-critical APIs.
- CloudPeek’s AI-native cloud security platform is designed to protect high-consequence organisations across government, defence and critical infrastructure.
- Goldilock’s FireBreak cyber security solution delivers instant, remote and physical network isolation without relying on internet-based controls.
- Hacktonics introduces cyber security training for industrial control systems, empowering critical infrastructure sectors to defend against evolving threats.
- KETS Quantum Security is designed to protect critical infrastructure, telecoms and defence against quantum-era threats.
- Praeferre’s AI-powered compliance and data privacy platform simplifies regulatory governance and secure digital ecosystems for enterprises.
Government cyber outlook
During the CNI Resilience Exchange, Ben Greenstone from global advisory firm Milltown Partners shared insights on the cyber state of play. He highlighted the fragmented regulatory landscape in place, with industry-specific regulations for cyber, financial services and so on to navigate. And with regulatory variants for buyers and suppliers too, this presents procurement difficulties when attempting to sell innovative services to large enterprises.
However, the government’s upcoming Cyber Security and Resilience Bill proposes new laws to improve UK cyber defences and protect essential public services.
“The Bill will deliver a fundamental step change in the UK’s national security – making essential and digital services more secure in the face of cyber criminals and state actors who want to disrupt our way of life,” says the UK Government. “Reforms will underpin greater economic stability, helping grow the economy for working people, by reducing business cost and disruption, and supporting investment.”
Although still in committee stages within the House of Commons and House of Lords, Ben pointed to elements to be aware of:
- A new class of regulated entities, such as data centres.
- Stronger government powers and larger fines to incentivise better cyber security practices.
- Movement toward a single cyber regulator.
- Greater government ability to provide cross‑economy direction.
For CNI operators and suppliers, this means renewed opportunity to shift focus beyond compliance to adopting and developing capabilities.
Observing the government’s Cyber Growth Action Plan to “turbocharge growth in the UK’s cyber sector and unlock more jobs [and] support innovation,” Ben highlighted its suggestions, which include:
- Pilot programmes enabling the National Cyber Security Centre and DSIT to qualify cyber startups and connect them to government departments.
- Mandating Cyber Essentials across supply chains to create a consistent baseline across industries.
- Procurement support for SMEs.
While regulations continue to be refined, Ben’s core message for innovators was to focus on the customer and product to ensure their immediate resilience needs are being met.
What makes a CNI buyer say yes?
Dan Jeffrey, Managing Director at Daintta and former CISO of NHS Blood and Transplant, was the next speaker. He peeled back the curtain to offer SMEs in attendance some real-world knowledge of the realities for CISOs, which aren’t always clear for businesses as they try and cut through to make sales.
For starters, he noted that, for bad and for good, CISOs will often encounter very different types of sellers from opportunistic charlatans through to strategic partners – the latter of which is, of course, what cyber SMEs should aim for. Building trust here is the key and this can be achieved if you:
- Don’t overpromise.
- Show you’re willing to share risk – penalty clauses matter.
- Provide continuous visibility, including near‑miss reporting.
- Map your product to the client’s actual needs – not just revenue opportunities.
- Constrain yourself voluntarily and say no when it’s the right answer.
Sarah Pye, Innovation Lead at Plexal, says: “In some cases, the feedback we’re getting on both sides is that slow procurement is stifling innovation – and security enhancements as a result. But CISOs are naturally risk averse, which reinforces Dan’s reasoning that building trust is essential to break down barriers.
“Plexal is going to continue delivering CISO Forum events to close the gap between SMEs and CNI organisations, recognising they wouldn’t cross paths without an intervention, with the aim of stimulating more partnerships that can enhance our national resilience and economic growth. With big organisations moving slowly and SMEs capable of producing prototypes within weeks, convening these groups is essential to unlock progress.”
