The Department for Science, Innovation and Technology (DSIT) – in partnership with innovation and growth accelerator Plexal – has expanded the Cyber Runway CNI programme to harness SME expertise.
The move looks set to have implications for cybersecurity across the energy, water, telecoms, transportation and data centre sectors.
It aligns with the fact that CNI providers have been tasked by the National Cyber Security Centre (NCSC) to protect themselves against online harms following findings from the NCSC Annual Review 2025 which identified that attacks impacting central government, UK services, the public or economy had risen 50% over a year.
The Cyber Runway programme was initially funded by the Department for Digital, Culture, Media and Sport (DCMS) in 2021 and takes the form of an accelerator for UK cyber sector businesses at different stages of the business lifecycle. Responsibility for cyber security moved from DCMS to DSIT in 2023.
In the initiative’s latest development, Cyber Runway CNI has brought in six SMEs to contribute capabilities towards strengthening the UK’s CNI against evolving cyber threats.
“The CNI programme will bridge the gap between cutting-edge UK cyber innovation and the urgent security needs of sectors such as energy, water, telecoms, transportation and data centres,” Plexal said in a press release.
“Plexal and DSIT have also sourced CNI representatives holding roles such as CISO [chief information security officer] to provide direct first-hand perspectives of challenges they’re facing. CISOs will benefit from access to vetted SME solutions, understanding how they can be applied to their problem areas.
“This cross-sector collaboration will provide clarity to all parties, covering a range of themes. SMEs will have access to CNI buyers, investment valuations, growth strategies and more, while CNI peers will receive innovation discovery, regulatory awareness, supply chain resilience and beyond.”
SME line-up
APIContext provides an API monitoring and governance platform to help enterprises ensure performance, security and compliance across mission-critical APIs. By combining real-time visibility with automated conformance checks, APIContext empowers organisations to deliver reliable, standards-compliant APIs that build customer trust.
CloudPeek is an AI-native cloud security platform designed to protect high-consequence organisations across government, defence and critical infrastructure. By combining agentic AI, contextual risk analysis and automated remediation, CloudPeek supports teams to detect vulnerabilities, reduce exposure and maintain compliance with speed.
Goldilock’s FireBreak cyber security solution delivers instant, remote and physical network isolation without relying on internet-based controls. By enabling organisations to proactively disconnect critical systems on demand, FireBreak eliminates attack surfaces and stops ransomware to drive cyber resilience across IT, OT and critical infrastructure.
Hacktonics introduces cyber security training tailored for industrial control systems, empowering critical infrastructure sectors to defend against evolving threats. With hands-on courses and bespoke programmes, Hacktonics connects theory and practice, ensuring resilience for water, energy and transportation networks.
KETS Quantum Security provides chip-based quantum-safe solutions, including quantum key distribution and quantum random number generators (QRNG). Designed to protect critical infrastructure, telecoms and defence against quantum-era threats, KETS delivers scalable, ultra-secure encryption systems that ensure resilience and trust in an evolving digital world.
Praeferre is an AI-powered compliance and data privacy platform designed to simplify regulatory governance and secure digital ecosystems for enterprises worldwide. By integrating blockchain-based consent management, real-time policy enforcement and zero-trust data flows, Praeferre empowers organisations to adopt AI safely, prevent cyber attacks and build trust through transparent, ethical data practices.
Bolstering resilience
Last month, NCE reported on findings from think tank The Royal United Services Institute (Rusi) indicating that infrastructure in the UK was “inadequately protected against sabotage and cyber threats”.
On the inclusion of the key SMEs into CNI Cyber Runway, Plexal senior innovation lead for programmes Diane Gilbert said: “At Plexal, we understand there’s an abundance of UK cyber businesses developing powerful solutions to combat online threats but finding a route to market – especially involving large firms – isn’t straightforward.
“On the other side, we’ve seen so many high profile industry attacks throughout this year, the NCSC has declared ‘cyber risk is no longer just an IT issue, it’s a boardroom priority’.
“Cyber Runway CNI is positioned to improve the resilience of organisations that are critical to a functioning British society. We’re working together with cyber SMEs and critical operations to build sovereign cyber capability. We’ll achieve this by accelerating the adoption of British security solutions across CNI sectors to enhance resilience, regulatory readiness and supply chain integrity.“
Like what you’ve read? To receive New Civil Engineer’s daily and weekly newsletters click here.
