The UK’s aerospace, defence, security, and space sectors sit at the heart of national resilience — and in the crosshairs of increasingly sophisticated cyber adversaries. The recent cyberattacks on Jaguar Land Rover (JLR) and Collins Aerospace are stark reminders of the vulnerabilities that ripple through complex supply chains. JLR was forced to extend a production pause as forensic investigations continued, while Collins Aerospace’s compromised check-in systems caused widespread disruption at Heathrow, Berlin, and Brussels airports, highlighting the cascading impact of a single breach across borders.

Against this backdrop, the UK government’s Cyber Growth Action Plan 2025 and the latest Cyber Security Skills in the UK Labour Market report provide both a roadmap and a reality check. Together, they underscore the urgent need for a joined-up approach to cyber resilience — one that blends policy, skills, and innovation.

The Industrial Strategy and the Cyber Growth Action Plan 2025 positions cyber security as a “frontier technology” critical to the UK’s economic and national security prosperity. The plan emphasises stimulating informed demand for cyber solutions across sectors, strengthening regional cyber clusters to foster innovation and collaboration, and aligning cyber growth with emerging technologies, particularly AI, which is rapidly reshaping both attack and defence landscapes.

For organisations in the aerospace, defence, security and space sectors, this means moving beyond a compliance-driven approach to increasingly embed cyber as a strategic and commercial enabler. The Cyber Growth Action Plan also stresses the importance of — leveraging the UK’s existing network of regional cyber hubs to accelerate capability development throughout the United Kingdom.

While the sector continues to grow, the skills gap remains a critical vulnerability for the UK, and our allies. The 2025 labour market report reveals that 143,000 individuals are employed in cyber roles, with a 5% increase year-on-year. The workforce gap has stabilised at 3,800 professionals, down from 11,100 in 2023, but still significant. Almost half of UK businesses report basic technical skills gaps, and nearly a third cite advanced gaps. Diversity remains a challenge: women represent just 17% of the UK’s cyber workforce, dropping to 12% in senior roles. AI is a double-edged sword: 65% of firms expect demand for AI skills to grow, yet only 42% provide AI training.

For sectors and businesses where cyber security and technological advancement is mission-critical (and let’s face it – where is this not mission-critical?), these figures are sobering. The shortage of advanced skills — particularly in areas like secure systems engineering, threat intelligence, and AI-driven defence — could slow the adoption of next-generation technologies and weaken our future resilience.

The recent attacks illustrate a hard truth: cyberattacks rarely respect organisational or national boundaries. A single compromise in a shared platform can paralyse critical national infrastructure, most recently multiple airports and airlines. Similarly, JLR’s production halt shows how operational technology environments remain prime targets for disruption.

For companies in our sectors, this reinforces the need for robust supply chain assurance, security and resilience by design, and active participation in sector-wide threat intelligence networks to accelerate detection and response, as well as sharing of best practices in incorporation of emerging technologies. In this light ADS recently launched our monthly Cyber Threat Intelligence Briefings, which is similarly, our Business Impact series explores how emerging technologies impact on business operations in our sectors. Forthcoming international engagements are focussed on international partnerships as well, such as our Cyber and Digital Trade Mission to Australia in November 2025 where, amongst other engagements, we will be sharing UK best practises that can reinforce Australia’s nation-wide cyber security posture, not to mention the importance of the learnings we will get from our Australian counterparts and colleagues. .

The UK’s National Cyber Security Centre’s ambition is for the UK to be the “safest place to live and work online” hinges on collaboration between government, industry, and academia. This ambition is echoed across the halls of government. For business leaders in the aerospace, defence, security and space sectors, the call to action should be clear:

  1. Invest in skills pipelines through apprenticeships and reskilling programmes aligned with the UK Cyber Security Council framework.
  2. Champion diversity to unlock untapped talent pools and bring fresh perspectives to complex challenges.
  3. Embed cyber in board-level risk discussions, reframing it as a growth enabler rather than a cost centre.
  4. Finally, strengthen partnerships across the national and international ecosystem—because resilience is not built in isolation.

To further reinforce this call to action, the forthcoming refresh of the National Cyber Strategy is likely to prioritise resilience over rhetoric, moving beyond “cyber power” to focus on secure-by-design principles, cohesive frameworks, and a modernised threat model. It aims to strengthen public-private collaboration, streamline standards, and enhance international alignment—ensuring security underpins innovation and economic growth in an evolving digital landscape. We look forward to the release of the refreshed National Cyber Strategy, and working with colleagues in HMG and across industry to continue to build on our shared national cyber resilience.

The stakes are high. As the Collins and JLR incidents show, cyber resilience is not just an IT issue – it’s a national security imperative.

The time is now.