Key Takeaways
- Cyber‑attacks are escalating, with the UK NCSC averaging four nationally significant incidents per week in 2025.
- A large share of these incidents stem from advanced persistent threat (APT) actors, including nation‑state groups like Russia’s Midnight Blizzard.
- The UK government has pledged a £210 million boost to public‑sector cyber defence, acknowledging the high financial toll of breaches (an average of $2.86 million per incident, according to IBM).
- High‑profile breaches, such as the December 2025 Kensington and Chelsea Council attack, underscore the risk to sensitive citizen data.
- Crowdsourced security—leveraging a global vetted researcher community—offers continuous vulnerability discovery, aligning with Continuous Threat Exposure Management (CTEM).
- Benefits include access to diverse talent, real‑world attack simulation, scalability, faster remediation, and measurable ROI via frameworks like Return on Mitigation (RoM).
- Successful implementation requires clear scope definition, researcher engagement, and iterative program refinement.
- When combined with internal teams, crowdsourced security extends defensive capacity, helping public‑sector organisations manage legacy constraints while supporting digital transformation.
Rising Cyber Threat Landscape and NCSC Findings
The UK National Cyber Security Centre (NCSC) reported handling an average of four “nationally significant” cyber‑attacks each week throughout 2025, a figure that highlights the accelerating pace and severity of threats facing the country. This sustained volume places pressure on both public and private organisations to maintain vigilant defences. The NCSC’s Annual Review 2025 further revealed that a substantial proportion of the incidents managed over the past year were linked to advanced persistent threat (APT) actors, indicating that sophisticated, long‑term campaigns are becoming a dominant feature of the threat environment.
Nation‑State and APT Activity in 2025
State‑sponsored campaigns, exemplified by the Russian group Midnight Blizzard, saw notable increases in 2025. These adversaries frequently targeted identity layers and cloud‑collaboration tools to establish persistence within victim networks, exploiting the growing reliance on remote work and digital collaboration platforms. The NCSC noted that such tactics allow attackers to move laterally, harvest credentials, and exfiltrate data while remaining under the radar of traditional security controls. The trend underscores the need for defences that go beyond perimeter protection and address credential‑based and cloud‑centric attack vectors.
Government Response and Funding Initiatives
Recognising the financial and operational impact of cyber incidents, the UK government announced a £210 million investment aimed at strengthening public‑sector cyber defence. This commitment comes at a time when IBM’s 2025 Cost of a Data Breach study placed the average breach cost at $2.86 million, illustrating the substantial economic stakes involved. The funding is intended to modernise legacy systems, enhance threat‑intelligence sharing, and support skills development across local authorities and operators of critical national infrastructure. By bolstering resources, the government hopes to close the gap between the rapid digitisation of services and the security capacity required to safeguard them.
Impact of High‑Profile Public‑Sector Breaches
A stark illustration of the risks faced by public organisations emerged in December 2025, when a major cyberattack on Kensington and Chelsea Council potentially compromised the personal information of hundreds of thousands of residents. The breach exposed sensitive data that could be leveraged for fraud and social‑engineering attacks, eroding public trust and highlighting the consequences of insufficient defensive measures. Such incidents reinforce the urgency for public‑sector entities to adopt proactive, continuous security practices rather than relying solely on periodic assessments or reactive responses.
Introduction to Crowdsourced Security and CTEM
In response to the evolving threat landscape, many organisations are turning to crowdsourced security as a strategic complement to internal teams. This approach aligns with the broader shift toward Continuous Threat Exposure Management (CTEM), which emphasizes ongoing identification and validation of exposures across an organisation’s attack surface instead of relying on isolated, point‑in‑time tests. By engaging a vetted global community of security researchers, crowdsourced security provides a persistent lens through which vulnerabilities can be discovered and addressed in near‑real time.
How Crowdsourced Security Operates in Practice
Implementing a crowdsourced security programme begins with CISOs defining clear scope and objectives—such as which assets are in scope, the desired depth of testing, and any compliance requirements. Once the programme is launched, the organisation connects with a trusted platform that provides access to a community of researchers. These researchers submit vulnerability reports, which are then triaged, validated, and remediated by the internal security team. Over time, the programme can be refined or expanded based on findings, changing risk profiles, or evolving business needs, ensuring that testing intensity remains aligned with the organisation’s exposure.
Core Advantages of a Crowdsourced Approach
Crowdsourced security delivers several tangible benefits over traditional, internally focused testing, particularly for under‑resourced public‑sector teams. First, it taps into a diverse, global talent pool, bringing varied expertise—including emerging areas like AI‑model security and data privacy—that increases the likelihood of uncovering flaws from multiple angles. Second, because researchers emulate real adversaries, the testing simulates authentic attack chains, employing creativity and non‑standard techniques that automated tools often miss. Third, the model offers scalability and flexibility; organisations can ramp up testing during major digital‑transformation initiatives or scale back during stable periods, adapting to agile development cycles. Fourth, parallel testing by many researchers accelerates vulnerability discovery, shortening the window of exposure and enabling faster remediation before threat actors can exploit the flaws. Finally, metrics such as vulnerabilities found, mitigated losses by type, and criticality levels allow organisations to quantify security return on investment, with frameworks like Return on Mitigation (RoM) helping to demonstrate tangible value to leadership and boards.
Strategic Integration and Future Outlook for Public Sector
While crowdsourced security is not a replacement for internal security staff, it functions as a strategic extension that enhances overall resilience. By continuously surfacing risks, it enables public‑sector organisations to prioritize remediation efforts where they matter most, particularly during phases of rapid digital change. The ability to align testing intensity with risk exposure—scrutinising new services heavily while maintaining ongoing oversight of legacy systems—creates a balanced defence posture suited to today’s threat landscape. As cybercrime continues to rise exponentially, combining robust internal capabilities with the agility and breadth of crowdsourced expertise will be essential for safeguarding citizen data, preserving trust, and ensuring the uninterrupted delivery of critical public services.

