Question to the Department for Science, Innovation & Technology:

To ask the Secretary of State for Science, Innovation and Technology, with reference to the Cyber Security and Resilience Bill (Network and Information Systems) Bill, a) what estimate she had made of the shortage of the cybersecurity skills which will be necessary to implement and comply with the new regulations created by the Bill and b) what steps the department is taking to address skills gaps.

The Cyber Security and Resilience (Network and Information Systems) Bill was introduced in November 2025 to increase UK defences against cyber attacks. The Bill has been developed in close collaboration with regulators to ensure that they have the right information and tools they need to be supported and effective under the new framework.

This includes allowing regulators to recover all the costs of their activities under the regime so that they can be sufficiently resourced, enhancing their impact through clearer information gateways, and establishing a unified set of objectives so that regulators can better focus their resources. DSIT will also issue clear guidance to support regulators as they exercise their functions and will monitor and evaluate the new framework following its implementation to review the effectiveness of the regime, which could include regulator capability.

New regulated entities being brought into scope of the Bill are in highly technical, high skill sectors and will have guidance and support they can draw from Regulators, Government and NCSC to help them to drive up cyber maturity and effectively manage risks to the essential services they provide. To further support the development of cyber security skills, the £187 million TechFirst programme will fund up to 4,000 students, researchers and innovators entering frontier industries, and help local firms fill around 1,000 tech roles, including cyber security roles.