UK Resilience Lessons Digest Issue 6

This sixth edition of the UK Resilience Lessons Digest is the first in the series to be brought to you by the UK Resilience Academy (UKRA). Presented in its new, improved format, the Digest continues to deliver on the central government commitment to synthesise and share lessons from exercises and emergencies. This edition has a thematic focus on learning from cyber incidents and includes a foreword by Jonathon Ellison, Director of National Resilience, National Cyber Security Centre.

The relevance and timeliness of a cyber-focussed Digest edition were underlined by the publication of the National Cyber Security Centre’s (NCSC) Annual Review 2024. This revealed that in the period from 1 September 2023 to 31 August 2024, the NCSC Incident Management (IM) team received 1,957 reports of cyber attacks. Of those incidents, 89 were nationally significant and 430 required direct support from the NCSC IM team. Compared to data from the previous review in 2023, there was also a three-fold increase in attacks ranked at the top of the NCSC severity scale.

Speaking at the launch of the review in December 2024, Richard Horne, Chief Executive Officer of the UK’s National Cyber Security Centre (NCSC), affirmed that this reflected the “increased…frequency, sophistication and intensity” of hostile activity in UK cyberspace.

Learning Analysis

A combined total of 100 findings, lessons and recommendations from significant cyber incidents between 2017 and 2023 were brought together for analysis. Across the reports, audits, reviews, and case studies reviewed, there were six dominant learning themes:

  • Theme 1: Cyber security and hygiene
  • Theme 2: Planning and preparedness
  • Theme 3: Cyber incident management
  • Theme 4: Challenges in recovery
  • Theme 5: IT Infrastructure
  • Theme 6: Cyber governance

The lessons collectively emphasised cyber resilience as a shared responsibility. They also highlighted the important role that every individual plays in strengthening it, for example through the application of basic cyber hygiene measures such as the timely installation of software updates, and password protections.

Shared experience, knowledge and insights

Learning from Cyber Incidents is supplemented by a range of supporting articles, to help the resilience community navigate the UK’s cyber security landscape, learn from lived experience, and build resilience against evolving digital threats.

These include:

  • An Introduction to Cyber Resilience, providing a helpful explainer on common cyber terms, the nature of cyber risk, and the characteristics of cyber attacks.
  • An article on Minimising Cyber Impact in Local Government, from Councillor Alex Coley, Local Government Association.
  • Practical insights and top tips for ‘Building resilience against AI-enabled deception’ by Di Cooke, Fellow at the Centre for Strategic International Studies (CSIS), King’s College London.
  • Reflections from lived experience of managing a cyber incident, from our very own Senior UKRA Associate, Adam Bland.

About UK Resilience Lessons Digest

The Digest is part of a programme of work at the Cabinet Office Emergency Planning College (EPC) to synthesise lessons learned from all major exercises and emergencies. It has been deliberately designed to support our processes of learning lessons in three ways:

  • Summarising transferable lessons and themes from a wide range of relevant sources
  • Sharing lessons across responder organisations and wider resilience partners
  • Coordinating knowledge to drive continual improvements in doctrine, standards, good practice, training and exercising
