The world has never been more connected. The expansion of cyberspace has fundamentally changed how we live, work, and communicate – reshaping economies and how we tackle global challenges. While this rapid digital transformation presents multiple opportunities it also brings significant risks.
We support cyber capacity-building efforts by bridging policy, practice, and research, to enhance cybersecurity maturity, strengthen resilience, and align interventions with national security goals.
The rapid and continual adoption of new IT systems, often with unknown vulnerabilities, alongside the continued use of legacy systems with inherent weaknesses, creates strong opportunities for exploitation by cybercriminals and state-sponsored groups. In 2024, over half of UK businesses and 22% of US businesses experienced some form of cyber breach or attack. These risks are amplified by underinvestment in cybersecurity at all levels, the lowering barriers to engaging in cybercrime, and the increased role of cyber capabilities in hybrid warfare.
We generate and apply evidence to inform, evaluate and improve global efforts to build cyber capacity. We do this in all major cyber domains, covering policy and strategy, incident response, cybercrime, culture and skills, and standards.
The rapid expansion of cyberspace has transformed economic systems, governance structures, and global security. Digital transformation offers significant benefits, but it also exposes organisations and states to increasing cyber threats with economic, social, and political implications.
Investment in cyber capabilities produces multiple benefits. It supports institutional stability and digital security, leading to trusted digital spaces for government, citizens, businesses and civil society. It fosters economic prosperity and stability by reducing cyber risks linked to trade, investment and business operations. It supports the detection, disruption and deterrence of ever-evolving malicious cyber activity, supporting the safety and security of states and markets.
Despite these benefits, multiple barriers constrain investment in cybersecurity, which often results in the need for public support:
While progress has been made, the evolving nature of cyber threats requires continuous adaptation, learning, and collaboration to maintain resilience.
We act as a bridge between policy and practice, partnering with public and private sector clients to enhance their cyber resilience against ever-evolving threats. Our evidence-based approach supports the design, implementation, and continuous improvement of organisational cybersecurity and global cyber capacity-building programmes.
For clients looking to improve their cyber maturity, we offer expertise and advice in secure and resilient information management. Leveraging our experience in high-risk environments, our cyber experts advise on secure information management, ensuring information security, system resilience, and safe operations.
We help organisations respond effectively to cyber threats through the design and delivery of evidence-informed cyber programming. Our expertise spans all key cyber domains:
Incident response: Cyber security incident response teams (CSIRTs) are the cornerstone of modern cybersecurity practice. Effective, proactive threat and vulnerability analysis, and reactive incident and event management are critical protection for countries, sectors, businesses and singular networks. We use industry standards and expert judgment to assess and monitor the maturity of CSIRTs. Through this analysis we help our clients improve incident response capabilities and cyber maturity.
Cybercrime: Cybercrime has become one of the most pervasive crimes globally. Its cross-jurisdictional nature and the limited legal and regulatory frameworks in many parts of the world make protection and deterrence especially challenging. We generate and apply evidence to help clients design and adapt their efforts to detect cybercriminal threats, disrupt their activities, and deter future cybercrime. Our analysis also supports clients to coordinate more effectively with the international community in their response.
Culture and skills: There is a global shortage of cybersecurity professionals, especially in low- and middle-income countries, across public sector organisations and civil society groups. Cyber risks are typically underestimated, partly because the full costs of successful attacks are not well known or understood. We advise on the design and delivery of cyber hygiene campaigns to improve their reach and impact. We do this using tailored evidence and global best practices for strategic communications and campaigns. We help clients evaluate and improve the performance of skills programmes targeting key stakeholder groups including their workforce, the public sector, and higher education.
Standards: The development of standards provides a clear mechanism for improving cyber maturity consistently at a global level. Having clear examples and guidelines for best practice can guide investment and ongoing capacity building efforts. We provide research into international engagement on standards, to help client identify gaps, entry points, and opportunities for collaboration and consensus building.
Policy and strategy: We advise on the development and refinement of legal and regulatory frameworks aligned with international best practices, analysing how these frameworks influence cyber maturity in practice. We use industry assessments to help clients improve their cyber policies and strategies in line with international best practice.
