Asked by: Chris Bloore (Labour - Redditch)
Question to the Department for Science, Innovation & Technology:
To ask the Secretary of State for Science, Innovation and Technology, if she will set out what support is available to small businesses to strengthen cybersecurity to prevent economic disruption.
Answered by Kanishka Narayan - Parliamentary Under Secretary of State (Department for Science, Innovation and Technology)
Improving the cyber security of our nation's small businesses is critical to the resilience of our wider economy. We recognise many small businesses lack the resources to invest in their cyber security. As such, the government has developed a wide range of free tools, guidance and training to help small and medium-sized enterprises (SMEs) implement cyber security measures, including the Cyber Action Toolkit which provides SMEs with tailored advice on protecting their business.
National Cyber Security Centre (NCSC)-certified Cyber Advisors are available to provide advice and guidance on commercial terms and SMEs are eligible for a free 30- minute consultation. Additionally, the government's Cyber Essentials scheme helps all organisations, including SMEs, implement critical cyber security controls, protecting them from most common cyber attacks and provides them with free insurance. All of this information is available on the NCSC website.
More broadly across government, the Home Office funds a network of Cyber Resilience Centres which provide free resources, guidance and training to SMEs to strengthen their cyber security.
Asked by: Chris Bloore (Labour - Redditch)
Question to the Department for Science, Innovation & Technology:
To ask the Secretary of State for Science, Innovation and Technology, what consideration she has given to the potential merits of introducing mandatory minimum cyber resilience standards for strategically important firms and supply chains.
Answered by Kanishka Narayan - Parliamentary Under Secretary of State (Department for Science, Innovation and Technology)
The Network and Information Systems Regulations 2018 provides the UK’s only cross-sector cyber legislation, focused on protecting the security and resilience of essential services. The regulations impose security duties on Operators of Essential Services (OES) and relevant digital service providers (RDSPs) to take "appropriate and proportionate technical and organisational measures" to manage risk and prevent and minimise the impact of cyber incidents.
The Cyber Security and Resilience (Network and Information Systems) Bill, introduced in November 2025, updates these regulations to ensure it is fit for today, and the future. It will cover a wider range of critically important entities, including data centres and large load controllers and relevant managed service providers (RMSPs). The Bill will also allow, through secondary legislation, for security and resilience requirements to be set for regulated entities. Our proposals for this legislation will be linked to existing, high level security duties and be consistent with the NCSC’s Cyber Assessment Framework.
Regulators will also have the power under the Bill to designate certain suppliers as “critical” if a compromise or outage in their systems can cause a disruption to their services that would have serious, cascading impacts for our society and economy. Proportionate cyber security and resilience duties and requirements to applying to those designated suppliers, with associated requirements will be developed through secondary legislation and guidance. This will ensure that these critical suppliers have the appropriate cyber security and resilience measures in place, helping to protect the UK’s critical infrastructure from disruption.
The Bill sits alongside other regulatory regimes, such as for public telecoms providers and financial services, and a range of other tools to help organisations actively improve their cyber resilience. For example, the government offers the Cyber Essentials certification scheme to prevent the most common cyber attacks. Organisations with Cyber Essentials are 92% less likely to make a claim on their cyber insurance than those without it.
Asked by: Chris Bloore (Labour - Redditch)
Question to the HM Treasury:
To ask the Chancellor of the Exchequer, what assessment she has made of the value for money of recent Government-backed support to companies affected by cyberattacks.
Answered by James Murray - Chief Secretary to the Treasury
The National Cyber Security Centre (NCSC) works round the clock to counter attacks, support victims and empower organisations to protect themselves from online threats. The NCSC makes its advice and guidance to organisations freely available.
Where businesses do face disruption, and there is a risk of significant economic or social impacts, the government is prepared to act. In 2025, the government agreed to back JLR with a loan guarantee from UK Export Finance (UKEF). This decisive action helped JLR continue to support 154,000 UK jobs and protected a critical part of our automotive supply chain. JLR employs 34,000 people directly in the UK and supports 120,000 more jobs through its supply chain, many in small and medium-sized enterprises.
The loan covered by the guarantee will be re-paid over 5 years. As with any government intervention to support businesses in distress, the government sets a high bar and keeps value for money under constant review to ensure taxpayer funds are spent wisely.
Asked by: Chris Bloore (Labour - Redditch)
Question to the Department for Transport:
To ask the Secretary of State for Transport, what steps her Department is taking to ensure that autonomous vehicles use does not adversely affect bus reliability, active travel and access to essential services.
Answered by Simon Lightwood - Parliamentary Under-Secretary (Department for Transport)
The Automated Passenger Services (APS) permitting scheme will facilitate the rollout of small-scale commercial pilot deployments.
For an APS permit to be granted, local consent is required from the relevant licensing authority or franchising body. My department has recently published guidance on the consenting process, setting out a range of considerations for applicants and consenting authorities. These include, but are not limited to, the extent to which proposed services align with local transport plans and wider strategic priorities. As a result, issues such as bus reliability, active travel, and access to essential services may appropriately form part of early engagement with the consent authority.
Asked by: Chris Bloore (Labour - Redditch)
Question to the Department for Transport:
To ask the Secretary of State for Transport, what consideration she has made with the Chancellor of the Exchequer of the potential merits of piloting targeted road user charging schemes for autonomous vehicles to manage demand.
Answered by Simon Lightwood - Parliamentary Under-Secretary (Department for Transport)
No such considerations have been made. Early deployments of automated vehicles are likely to be relatively small-scale. Impacts on the transport network will be kept under review as the regulations for automated vehicles are implemented.
Asked by: Chris Bloore (Labour - Redditch)
Question to the Department for Transport:
To ask the Secretary of State for Transport, what assessment her Department has made of the potential impact of autonomous vehicles on trends in the level of congestion in the next five years.
Answered by Simon Lightwood - Parliamentary Under-Secretary (Department for Transport)
The introduction of the Automated Passenger Services (APS) permitting scheme will facilitate small-scale pilots of commercial deployments.
For an APS permit to be granted, local consent is required from the relevant licensing authority or franchising body. My department has recently published guidance on the consenting process, setting out a range of potential considerations for applicants and consenting authorities. These include, but are not limited to, the extent to which proposed services align with local transport plans, environmental strategies and wider strategic priorities. As a result, issues such as congestion may appropriately form part of early engagement with the consent authority.
The Government’s consultation on the Automated Passenger Services permitting scheme included questions relevant to congestion impacts. The Government response will be published in due course.