Hackers Are Mass-Exploiting the cPanel Bug to Gain Control of Thousands of Websites

A critical flaw in cPanel and WebHost Manager (WHM) is now being actively exploited by hackers, who have already compromised thousands of servers. Exploitation of the cPanel bug has escalated rapidly, with attackers gaining full control over vulnerable systems and deploying ransomware. This widespread attack underscores the urgency for administrators to patch immediately.

How the cPanel Bug Exploitation Works

The vulnerability, tracked as CVE-2026-41940, allows attackers to bypass authentication and hijack servers via the control panel. According to Shadowserver, a nonprofit that monitors cyber threats, around 550,000 servers remain potentially vulnerable as of Monday. Although the number of compromised instances has dropped from 44,000 to roughly 2,000, this decline may reflect victims taking systems offline or patching.

Security researchers first flagged active attacks on Thursday, noting that hackers were exploiting the bug to take full control of servers. Bleeping Computer reported that Google indexed dozens of websites displaying ransom notes from a group claiming to have encrypted files. Some of those sites have since been restored, but the damage highlights the scale of the exploitation.

Ransomware and Response to the cPanel Vulnerability

The ransom notes included a chat ID for victims to contact the attackers. TechCrunch reached out to the hackers but received no immediate response. Meanwhile, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-41940 to its Known Exploited Vulnerabilities (KEV) catalog on Thursday, urging federal agencies to patch by Sunday. CISA has not confirmed whether all agencies complied.

Attacks may have begun long before the disclosure. KnownHost CEO Daniel Pearson revealed that his company detected exploitation attempts as early as February 23. This timeline suggests that threat actors were probing for weaknesses weeks before the official advisory. A cPanel spokesperson acknowledged receipt of inquiries but did not provide further comment.

What Administrators Should Do About the cPanel Bug

To mitigate exploitation of the cPanel bug, administrators must apply the latest patch immediately. The vulnerability affects all versions prior to the security update. Additionally, consider implementing multi-factor authentication and restricting access to the control panel via IP whitelisting. Monitor server logs for unusual activity, such as unauthorized login attempts or file encryption processes.

For those using cPanel, it is crucial to verify that your hosting provider has applied the fix. If you manage your own server, update through the WHM interface or command line. Ignoring this patch could lead to data loss, ransomware demands, or complete server takeover. For more on securing web servers, check out our guide on web server security best practices.

Broader Implications of the cPanel Vulnerability

This incident highlights the ongoing risk of unpatched software in the hosting ecosystem. Exploitation of the cPanel bug is part of a larger trend where attackers target widely used management tools. As Shadowserver data shows, the number of vulnerable servers remains high, leaving many sites exposed. Businesses should conduct regular vulnerability assessments and maintain an incident response plan.

Furthermore, the involvement of ransomware groups adds financial pressure on victims. Paying ransoms is not recommended, as it funds criminal activity and does not guarantee data recovery. Instead, focus on backups and disaster recovery strategies. For additional insights, read our article on ransomware prevention strategies.

In conclusion, exploitation of the cPanel bug is a critical threat that demands immediate action. By patching promptly and adopting robust security measures, administrators can protect their websites from compromise. Stay informed about emerging vulnerabilities through reliable sources like CISA and Shadowserver.

UK Commits £90m to Cybersecurity and Calls for New ‘Resilience Pledge’

The UK government has unveiled a £90m ($120m) injection into UK cybersecurity funding, aimed at bolstering the nation’s defenses against rising digital threats. Announced at the National Cyber Security Centre (NCSC) CYBERUK conference on April 22, Security Minister Dan Jarvis emphasized that the funds would primarily support small and medium-sized enterprises (SMEs). Alongside the financial commitment, Jarvis urged major organizations to sign a new Cyber Resilience Pledge, set to launch this summer.

Why This UK Cybersecurity Funding Matters for SMEs

SMEs often lack the resources to defend against sophisticated cyberattacks. This £90m package aims to help them adopt the Cyber Essentials standard, a government-backed certification that protects against common threats. According to NCSC data, quarterly certifications surpassed 10,000 for the first time last summer. Jonathan Ellison, NCSC Director for National Resilience, noted that uptake grew by 20% in the last financial year—the program’s best performance yet. However, he acknowledged that more work is needed to reach smaller businesses.

This investment is a step in the right direction, but critics argue it’s insufficient. James Neilson, SVP of International at OPSWAT, called the funding “nice on paper” but “nowhere near enough” to address the scale of the problem. He pointed out that many SMEs have no dedicated security teams, making it not just a funding issue but a knowledge gap. Trevor Dearing, director of critical infrastructure at Illumio, echoed this, saying businesses need “practical guidance on how to protect sensitive data and keep critical services running when incidents occur.”

What Is the Cyber Resilience Pledge?

The Cyber Resilience Pledge is a voluntary commitment for large organizations to take three concrete actions: make cybersecurity a board-level responsibility, sign up to the NCSC’s free Early Warning service, and require Cyber Essentials certification across their supply chains. This initiative aims to create a ripple effect, encouraging better practices throughout the ecosystem. However, some experts question whether voluntary pledges will drive real change.

Board-Level Responsibility: A Key Requirement

Making cybersecurity a board-level issue ensures leadership accountability. This aligns with global trends where regulators increasingly hold executives responsible for breaches. By signing the pledge, organizations signal that cyber resilience is a strategic priority, not just an IT concern.

Supply Chain Security Through Cyber Essentials

Requiring Cyber Essentials certification from suppliers helps close vulnerabilities in the supply chain. This is particularly important given that many attacks target smaller vendors to gain access to larger networks. The NCSC’s Early Warning service, meanwhile, provides free threat alerts, helping organizations respond faster to incidents.

Critics Call for Stronger Incentives, Not Just Advice

While the government’s approach is welcomed, industry voices argue it relies too heavily on gentle encouragement. Jonathan Lee, Director of Cyber Strategy at TrendAI, told Infosecurity at CYBERUK: “The government and the NCSC are saying the right things, but we have to move from this position of gently encouraging organizations to providing some incentive.” He suggested exploring tax credits for businesses that invest in resilience, noting that “if we can incentivize people to do that, that would be a good thing.”

Currently, UK businesses developing innovative cybersecurity solutions can claim Research and Development (R&D) tax relief to reduce Corporation Tax or receive cash payments. However, this scheme is limited to tech developers, not the broader SME base that needs support. As James Neilson pointed out, “SMEs either have small security teams or none at all, so it’s not just a funding issue but also a knowledge issue.”

What’s Next for UK Cybersecurity Funding?

The £90m investment and the Resilience Pledge represent a dual strategy: immediate financial aid for SMEs and a long-term cultural shift for larger organizations. Yet, as the debate over incentives continues, the government may need to revisit its approach. For now, businesses should explore Cyber Essentials certification and consider joining the NCSC’s Early Warning service to strengthen their defenses.

In a landscape where cyber threats evolve daily, the UK’s commitment is a positive step—but whether it’s enough remains to be seen. As Jonathan Lee put it, “We’re told it’s a team sport and everyone needs to work together.” The question is whether the government’s playbook will inspire the whole team to act.

NCSC SilentGlass Device: A New Shield for Monitors Against Cyber Attacks

In a bold move to address a frequently overlooked vulnerability, the UK’s National Cyber Security Centre (NCSC) has introduced SilentGlass, a hardware device designed to protect monitors from cyber attacks. Launched at the CYBERUK conference on April 22, this plug-and-play solution actively blocks malicious signals between video cables and screens. For businesses and government agencies alike, SilentGlass marks a significant step forward in securing everyday IT infrastructure.

What Is SilentGlass and How Does It Work?

SilentGlass is a compact, ready-to-use device that sits between HDMI or DisplayPort connections and monitor screens. Its primary function is to filter out unexpected or harmful data, ensuring only legitimate video signals pass through. The NCSC has approved it for high-threat environments, meaning it meets rigorous security standards.

Already deployed on government estates, SilentGlass is now available for purchase by any organization. The NCSC partnered with Goldilock Labs, a UK-based cybersecurity innovator, and Sony UK to manufacture and sell the device globally. This collaboration highlights how government intellectual property can transition into commercial products.

Why Monitors Are a Prime Target for Cyber Attacks

Monitors often handle sensitive data, making them attractive entry points for threat actors. According to the NCSC, cybercriminals may exploit weak monitor security to infiltrate networks for disruption or financial gain. The lack of mitigations in this area has left a gap that SilentGlass aims to close.

Ollie Whitehouse, CTO at NCSC, emphasized the device’s impact: “Display screens and monitors are everywhere in modern business environments, and SilentGlass will help protect previously vulnerable IT infrastructure with unprecedented ease.” This sentiment underscores the urgency of addressing this threat vector.

The Role of Goldilock Labs and Sony UK

Goldilock Labs won a competitive contract to manufacture SilentGlass. Stephen Kines, co-founder of Goldilock Labs, noted: “SilentGlass addresses a gap that has been widely overlooked. The hardware interfaces people rely on every day have rarely been treated as security boundaries.” This partnership ensures the device is affordable and easy to deploy for critical national infrastructure (CNI) and businesses.

Similarly, Sony UK brings manufacturing expertise to scale production. The trio expects rapid global adoption by governments and risk-conscious organizations. For more on securing hardware, read our guide on hardware security best practices.

CYBERUK 2026: A Perfect Storm of Cyber Threats

SilentGlass debuted at CYBERUK 2026, held in Glasgow, Scotland. Richard Horne, CEO of the NCSC, warned of a “perfect storm” combining new technologies and geopolitical risks. This context makes SilentGlass a timely release. The conference also highlighted other UK cybersecurity innovations, reinforcing the nation’s commitment to digital defense.

In addition, the NCSC pointed to SilentGlass as a model for commercializing government IP. This approach not only strengthens national security but also boosts economic prosperity by launching UK companies onto the global stage.

How to Implement SilentGlass in Your Organization

Deploying SilentGlass is straightforward: plug it into the video port between your computer and monitor. It requires no software installation, making it ideal for high-security settings like government offices, financial institutions, and healthcare facilities. The device is designed for continuous operation, actively blocking threats without user intervention.

Furthermore, its low cost and ease of use make it accessible to small and medium businesses. For those exploring monitor security, consider reading our article on cyber threats to display screens for additional context.

Final Thoughts on SilentGlass

SilentGlass represents a practical solution to a persistent cyber risk. By targeting the often-ignored monitor interface, the NCSC and its partners have created a tool that enhances security without complicating workflows. As cyber threats evolve, such hardware-based defenses will become increasingly vital. SilentGlass is now available globally, offering peace of mind to organizations of all sizes.

To stay updated on cybersecurity innovations, check our cybersecurity news section. For purchasing details, visit the NCSC or Goldilock Labs websites.

CopyFail Bug Exposes Major Linux Versions: US Government Warns of Active Exploitation

A critical security flaw in the Linux kernel, known as the CopyFail bug, has triggered urgent warnings from the U.S. government. Security researchers have released exploit code that allows attackers to gain complete control over vulnerable systems. The Cybersecurity and Infrastructure Security Agency (CISA) has now confirmed that this Linux vulnerability is being actively exploited in the wild.

What Is the CopyFail Bug (CVE-2026-31431)?

Officially tracked as CVE-2026-31431, the CopyFail bug affects Linux kernel versions 7.0 and earlier. The flaw was disclosed to the Linux kernel security team in late March and patched within a week. However, the patches have not yet reached all Linux distributions, leaving many systems exposed.

The bug gets its name from a failure in the kernel’s memory management: it does not copy certain data when it should. This corrupts sensitive kernel data, allowing an attacker to escalate privileges. Specifically, a regular user with limited access can gain full root privileges on the system. As security firm Theori, which discovered the flaw, explains, a short Python script can “root every Linux distribution shipped since 2017.”

Which Linux Versions Are Affected by the CopyFail Bug?

The CopyFail bug impacts a wide range of popular Linux distributions. Theori verified the vulnerability in several major versions, including Red Hat Enterprise Linux 10.1, Ubuntu 24.04 (LTS), Amazon Linux 2023, and SUSE 16. DevOps engineer Jorijn Schrijvershof also confirmed that the exploit works on Debian and Fedora, as well as on Kubernetes, which relies on the Linux kernel. Schrijvershof described the flaw as having an “unusually big blast radius,” affecting “nearly every modern distribution” of Linux.

Enterprise and Cloud Environments at Risk

Linux powers the vast majority of data centers and cloud infrastructure. Successful exploitation of this flaw on a data center server could allow an attacker to compromise every application, database, and server hosted there. This could also lead to lateral movement within the network, affecting other systems.

How Does the CopyFail Bug Work and What Are the Risks?

The CopyFail bug cannot be exploited over the internet on its own. However, it can be weaponized when combined with another vulnerability that allows remote code execution. Microsoft has warned that chaining the CopyFail bug with an internet-accessible flaw could enable an attacker to gain root access to a server remotely. Additionally, a user on a vulnerable Linux machine could be tricked into clicking a malicious link or opening an infected attachment, triggering the exploit.

Supply chain attacks are another vector. Malicious actors could compromise an open-source developer’s account and inject the exploit into legitimate code, affecting thousands of devices in a single campaign. This makes the kernel security flaw especially dangerous for organizations with complex software supply chains.

What Should You Do? CISA’s Patch Deadline

Given the severity, CISA has ordered all U.S. civilian federal agencies to patch affected systems by May 15. For private organizations, the recommendation is equally urgent. System administrators should immediately apply the latest kernel updates from their Linux distribution vendor. For more on securing your systems, read our guide on Linux security best practices. You can also check our vulnerability scanning tools to identify affected systems.

In addition, organizations should monitor for unusual privilege escalation attempts and restrict user permissions where possible. The CopyFail bug underscores the importance of rapid patch deployment in enterprise environments.

As the U.S. government warns, this Linux vulnerability is not just theoretical—it is being actively exploited. Delaying patches could lead to a full system compromise. Act now to secure your infrastructure.
