BCS MEMBERSHIP

Nav Image Membership (1)

Join the global and diverse home for digital, technical and IT professionals.

CHARTERED IT PROFESSIONAL

Nav Image CITP (1)

CITP validates technical expertise and professional behaviours in the tech industry

STARTING YOUR IT CAREER

Nav Image IT Careers White (1)

Kick-start a career in IT, whether you're starting out or looking for a career change.

SOFTWARE TESTING CERTIFICATION

Nav Image Digital Skills

Over 100,000 professionals worldwide are certified with BCS.

ESSENTIAL DIGITAL SKILLS

Nav Image Software Certs

Improve your digital skills so you can get on in today's workplace.

EVENTS CALENDAR

Nav Images Events Calander

View all of our upcoming events.

ARTICLES, OPINION AND RESEARCH

Nav Image Articles

The latest insights, ideas and perspectives.

IN FOCUS

BCS MEMBERSHIP

CHARTERED IT PROFESSIONAL

STARTING YOUR IT CAREER

SOFTWARE TESTING CERTIFICATION

ESSENTIAL DIGITAL SKILLS

EVENTS CALENDAR

ARTICLES, OPINION AND RESEARCH

IN FOCUS

On Tuesday 3rd June BCS, The Chartered Institute for IT held a roundtable in Portcullis House, House of Commons with the All-Party Parliamentary Group for Cyber Innovation, exploring how small and medium-sized enterprises (SMEs) can best protect themselves from cyber incidents.

There were representatives from across industry, academia, and government who had a thriving discussion that covered the following.

The Cybersecurity Skills Gap

Participants agreed that while many graduates possess solid technical skills, they often lack real-world experience. Employers - particularly in small to medium-sized enterprises (SMEs) - are hesitant to invest in training early-career professionals, citing resourcing pressures and a lack of internal expertise.

There were calls for:

  • Greater employer support for graduates and new entrants.
  • Increased capacity at the National Cyber Security Centre (NCSC) to support skills development and industry partnerships.
  • Exploration of social value frameworks to compel larger organisations to support digital skills development and community training programmes.

Challenges for SMEs

Many SMEs are unaware of the extent of their reliance on IT and digital infrastructure, and therefore underestimate their cyber risk.

The discussion highlighted that:

  • SMEs with national or strategic significance may remain under the radar, making it difficult to target support or regulation.
  • IT roles in SMEs are often informally assigned, with the "most tech-savvy person" responsible for critical systems.
  • A cultural and capacity shift is required to recognise cybersecurity as a core business function, not an ancillary service.

Participants suggested a potential "Cybersecurity Buddy System", where larger organisations or cyber-capable charities could provide mentorship, guidance or shared services to SMEs and voluntary sector organisations.

For you

Be part of something bigger, join BCS, The Chartered Institute for IT.

Role of Outsourced Cyber Providers

Outsourced cybersecurity companies were likened to general practitioners (GPs): they are often the first line of defence but should be better connected to specialist services. 

There was support for a regulated model that ensures:

  • A baseline standard of service.
  • Clear escalation pathways to expert support in high-risk incidents (e.g. ransomware).
  • Better-informed procurement choices for SMEs.

This approach would raise the industry bar and shift expectations, prompting SMEs to actively question the quality and credentials of the services they use.

Making the Risk Clear and Actionable

The need for clearer, simpler messaging was a recurring theme. Suggested approaches included:

  • Government-backed public messaging campaigns, akin to past national security awareness efforts.
  • A strong emphasis that basic cyber hygiene doesn’t have to cost anything.
  • Use of social value commitments and market differentiation as drivers—particularly in supply chain risk management.
  • A "one-stop shop" - similar in simplicity and accessibility to HMRC’s self-assessment service—was suggested as a way to cut through inertia and guide SMEs step-by-step through cyber preparedness and response.

Embedding Cyber Support at Inception

Roundtable attendees proposed that cybersecurity advice should be integrated into the early stages of business creation. This could include:

  • Embedding cyber advice into the process of company registration with Companies House or HMRC.
  • Linking startup resources with national cyber best-practice materials and support networks.

Thanks to Daniel Aldridge MP, Chair of the APPG, for hosting and chairing the roundtable, and if you are interested in collaborating with BCS on cyber in the future please contact Head of Policy, Dan Howl, dan.howl@bcs.uk.

Topics

Computing in society

Related

Article

Euclid space telescope unveils deep glimpse into the universe

10 days ago
Article

Study: DNA sequencing technology vulnerable to cyberattacks

17 days ago
Article

BCS appoints Sharron Gunn as Group Chief Executive

18 days ago