Few conferences have the gravitational pull of their host institution the way CyberUK does.
As the National Cyber Security Centre’s flagship event, it’s the venue where UK cyber policy gets articulated, debated, and translated into operational guidance — and the 2026 edition, held 21–23 April in Glasgow, marked the NCSC’s tenth anniversary with a deliberately forward-looking agenda.
The Conference at a Glance
Hosted by the NCSC and rotated across the UK’s nations, CyberUK 2026 returned to Glasgow’s Scottish Event Campus and drew over 2,500 delegates, 100-plus speakers, and 150 sponsors and exhibitors.
The 2026 theme — “The next decade: Accelerating our cyber defence” — set up a forward-looking programme rather than a victory-lap retrospective.
The NCSC also restructured public sector ticket allocation for 2026, working directly with departmental contacts to ensure the right people from the right organisations get into the room.
The result was a noticeably tighter audience curation than commercial conferences typically achieve.
Who It’s For
CyberUK sits at the intersection of government, academia, industry, and law enforcement.
It’s especially valuable for CISOs in regulated sectors, critical national infrastructure, and the broader public sector supply chain.
Tickets are subject to an application process, which keeps the audience focused and the conversations more candid than a typical commercial conference.
International attendees from allied governments are a steady presence, and the off-the-record corridor conversations are often where the real value sits for senior leaders.
If you operate UK CNI, work with the public sector, or run a regulated business in the UK, CyberUK is close to mandatory — and the application process tends to favour organisations with a credible reason to attend.
Highlights and Themes from the Most Recent Edition
NCSC CEO Richard Horne’s keynote framed the next decade through the lens of AI as both adversary tool and defender opportunity, drawing on intelligence that frontier AI is now actively enabling vulnerability discovery and exploitation at scale.
The technical programme leaned hard into operational technology security — the NCSC presented evidence that connected OT environments are already being routinely exploited and pushed delegates toward more aggressive supply chain demands, including stronger vendor security baselines and the wider adoption of Privileged Access Workstations within OT.
Identity, post-quantum migration, and the practical mechanics of the Cyber Assessment Framework also drew strong attendance.
The NCSC’s 2024–2025 incident statistics — 429 cyber attacks handled, including 204 nationally significant incidents, more than double the previous year — provided the sobering operational backdrop.
What to Expect Going Forward
The 2027 location and dates haven’t been confirmed at time of writing, but the rotation pattern suggests a return south.
Expect AI governance, OT, and supply chain assurance to remain dominant themes, with growing emphasis on critical infrastructure resilience as geopolitical pressure persists.
Application-based ticketing is likely to continue, and worth applying for early.
The Bottom Line
CyberUK is one of the few events where you’ll hear UK government thinking from the people actually shaping it, alongside enough technical depth to be useful to working teams.
For CISOs in regulated industries, public sector roles, or any organisation that touches CNI, it earns its slot easily.
The application process is worth the effort — and if you can’t get in personally, sending senior team members is rarely a wasted investment.