The National Cyber Security Centre’s (NCSC) Annual Review is one of the most significant updates in the UK cyber landscape. It’s the government’s yearly statement on the threats, priorities and progress shaping national resilience.
This year’s message was clear: it’s time to act. CyberSmart recently hosted a webinar breaking down what the review means for UK businesses and their MSPs. We cover the main points below.
Ten years ago, the biggest challenge in cybersecurity was awareness. Many organisations didn’t understand the risks; compared to today, everyone is aware, but not everyone is acting on it.
Cyber incidents now dominate headlines, and the financial consequences are impossible to ignore. When major retailers are losing hundreds of millions to cyberattacks, it’s clear that no organisation is immune, and the conversation has shifted from IT teams to boardrooms. The NCSC review reinforces that shift: cyber is now a board-level issue.
The NCSC’s analysis paints a mixed picture. Ransomware remains the most persistent and costly threat to businesses, and state-sponsored activity has become more evident, with government warnings explicitly naming nation-state actors.
Then there’s AI rapidly changing the game, while it has lots of promises to enhance cyber defences, it’s also empowering attackers to scale up their operations. Generative AI is being used to create convincing phishing campaigns and automate social engineering, which is making cybercrime more accessible than ever.
The easy spread and reuse of hacking tools is another growing concern, alongside the rise in data harvesting for future decryption once quantum capabilities mature. All these trends reinforce one thing: the threat landscape is accelerating faster than most organisations can keep up.
What we’re now seeing is that the government is moving from guidance to governance, with FTSE 350 CEOs and Chairs receiving direct letters from ministers urging them to act now. New initiatives like the Early Warning Service, the Cyber Governance Code of Practice and an expanded Cyber Essentials (CE) programme all signal a clear direction of building resilience through accountability.
For MSPs and their customers, the requirement for Cyber Essentials certification across supply chains is especially significant. Hundreds, if not thousands, of UK businesses will soon find themselves required to demonstrate compliance as a condition of doing business. The takeaway is simple: Cyber hygiene is becoming a contractual necessity, not a competitive advantage.
One of the more striking points in the NCSC report was how MSPs were framed primarily as potential risks within supply chains, but that narrative doesn’t tell the full story.
Here at Brigantia and CyberSmart, we see MSPs not as vulnerabilities but as the bridge to better security. MSPs are uniquely positioned to help clients achieve, maintain and evidence resilience. They’re the ones implementing Cyber Essentials, monitoring compliance and driving cultural change.
CyberSmart’s platform enables MSPs to deliver these outcomes efficiently by combining automated compliance, continuous monitoring, and actionable insights. By embedding CE as a managed service, you’re not just ticking a box; you’re creating a foundation for long-term trust and recurring revenue
The Cyber Security and Resilience Bill is set to introduce new regulatory expectations for MSPs, with around 1,000 providers likely to fall under its initial scope.
CyberSmart is already developing tools aligned with the Cyber Assessment Framework (CAF) to help partners navigate this regulated environment. Enhanced APIs and integrations will make it easier for MSPs to tie compliance into existing workflows, from RMM to ticketing systems, so that risk management becomes part of everyday operations rather than a separate task.
As MSPs move into this new regulated space, automation, standardisation, and evidence-based reporting will be key. That’s exactly where CyberSmart and Brigantia can help.
It's easy to look at the NCSC’s findings and feel discouraged, but there is another way to see them. The heightened focus on cybersecurity presents a unique opportunity for MSPs to lead the next phase of resilience across the UK business landscape.
By combining CyberSmart’s platform with Brigantia support and expertise, MSPs gain everything they need to help clients move from compliance anxiety to confidence. Together, we can shift the conversation from “how do we avoid being attacked?” to “how do we prove we’re resilient?”
If you’re an MSP looking to help your customers achieve Cyber Essentials, demonstrate resilience or prepare for upcoming regulatory change, Brigantia can help.
Our team works closely with CyberSmart and is here to provide the support and guidance you need to grow your managed compliance offering and keep your customers secure.
Get in touch with us to find out more, or head to our CyberSmart page for further information.