You are here

This project examines future options for the UK government as it formulates a new Cyber Security Strategy post-2021.

Cyber Mailing List

Stay informed with regular updates from the team:

Subscribe to the Cyber mailing list

The UK is approaching a milestone in its cyber security journey. The UK’s second National Cyber Security Strategy (NCSS), established in 2016 and underpinned by £1.9 billion of investment in transformational activities, ends in 2021. After 2021, there is the possibility that cyber-related issues will be ‘mainstreamed’ within UK government and there may not be the same need for a dedicated and centrally-managed investment programme.

The project brings together a network of partners from the UK government, public sector, private sector, research, and academia. The research will:

  • Explore future options for the UK cyber security strategy
  • Consider how the UK can embed and build upon its existing work in cyber security
  • Assess the advantages and disadvantages of ‘mainstreaming’ cyber security investment
  • Evaluate future roles and responsibilities of the public sector, private sector and individual citizens in cyber security
  • Assess where future UK investment in cyber security should be distributed

Conrad Prince and James Sullivan recently published a Briefing Paper on the challenges for the next phase of the strategy, establishing findings from a series of workshops with key stakeholders from the private sector, government, civil society and the third sector. 

RUSI is conducting further primary research to inform future policy development relating future UK cyber strategy. This includes work on benchmarking the existing UK cyber strategy against other relevant national cyber strategies. Considering the above, this project will seek to explore the following research questions:

  1. What should be the role of government in an area like cyber security?
  2. What should the role of the private sector and wider society be in an area like cyber security?
  3. What should the UK’s international approach to cyber security look like?
  4. What else can be done to raise core standards in cyber security?
  5. How can the UK introduce effective policy and a strategic framework in relation to offensive cyber?
  6. What different strategic approaches are relevant nations currently taking to mitigate cyber risks? What lessons can be learned?

This project will combine literature review, stakeholder interviews, and survey methods to provide insights into national cyber strategies. This will be achieved by engagement with a global cross-section of society, including policymakers, cyber security experts, and wider society.


Sneha Dawda
Research Fellow
James Sullivan
Director, Cyber Research
Conrad Prince CB
Distinguished Fellow and Senior Cyber Adviser