On Wednesday 17th of April, key figures from across the UK cyber security landscape came together at our inaugural CNI Cyber Security Summit. The event, designed for cyber security leaders within UK CNI, addressed the latest trends, regulations, and threats affecting their organisations and how they can best increase their cyber resilience.
The summit provided a unique opportunity to bring together the entire cyber security ecosystem- including representatives from industry bodies (the NCSC), regulators (Ofgem), and leading cyber security vendors (Microsoft). A key theme that emerged from the day was the need for more open dialogue and collaboration across the cyber security space so we can work together towards a safe and secure future.
We’re proud to have helped facilitate this dialogue and, in this blog, will be sharing some of the key talking points from the day.
The Future Cyber Security Landscape
Kicking off the summit, we had Paul Kelly, Director of Security Business Group at Microsoft, present on how CNI organisations can increase cyber resilience through technological innovation. Highlighting common findings from Microsoft’s recent research and Bridewell’s own report on cyber security in CNI, he discussed the prominence of identity-based attacks, human operated ransomware, and IoT attacks. He also warned about the growing threat of AI, which is increasingly being used by threat actors, and how it presents a new and unfamiliar threat for defenders.
The role of AI in the future security landscape was also a talking point for Ollie Whitehouse, CTO at the NCSC, who presented on the imperative of real-world CNI cyber resilience. While he also warned of the threat posted by AI in the hands of threat actors, he expressed confidence in the role of AI as a force multiplier for defenders. Leveraging AI in security operations can help support organisations by outpacing adversaries, strengthening expertise, and enhancing accuracy and speed. This value of AI for defenders was reiterated by Paul Kelly and Wendy Carstairs, Senior Partner Technology Manager at Microsoft, who presented several use cases for Copilot for Security.
Sharing a regulator’s view of the future landscape, Stuart Okin, Director of Cyber Regulation at Ofgem, also discussed the need for rapid innovation in securing the energy sector. With massive changes on the horizon for how we produce and distribute energy in the UK – largely driven by the move towards net zero – he called for cyber security to be embedded at the ‘get go’ of this technological shift. He also affirmed Ofgem’s role in keeping energy companies secure as they make these changes.
How to Build Cyber Resilience in UK CNI
Alongside our guest speakers, Bridewell’s experts also took the stage and held workshops to share in-depth views of how UK CNI can improve their cyber resilience. This ranged from the value of threat-informed defence to connecting secure remote OT environments, developing secure cloud strategies, and more. In a joint session with Joseph Chmiel, Head of Security Operations and Assurance at Welsh Water, attendees also heard the need for mature security operations, how to meet CAF requirements, and guidance on achieving NIS compliance.
The event also saw a panel discussion, featuring:
- Emma Leith, Director of Consulting at Bridewell;
- Ollie Whitehouse, Chief Technology Officer, NCSC;
- Megan Poortman, Head of Cyber Security, London Gatwick Airport;
- Becky Pinkard, Managing Director, Global Cyber Operations, Barclays;
- Wendy Carstairs, Senior Partner Technology Manager, Microsoft
Discussing ‘What Don’t We Know About CNI Cyber Security Today’, the panel concluded that we are in the fortunate position that there is a lot we do know. While there will always remain gaps in our knowledge due to rapid technological innovation, a high level of vigilance and collaboration across the industry can ensure we keep pace with the threat landscape.
As we look forward to the CNI Cyber Security Summit 2025, we’d once again like to thank all our guest speakers and attendees for joining us and helping us advance the conversations around securing UK CNI.