Question to the Department for Science, Innovation & Technology:

To ask the Secretary of State for Science, Innovation and Technology, what assessment she has made of the adequacy of the capacity of (a) sectoral regulators and (b) the NCSC to process and respond to cyber incident reports as a result of the expanded reporting requirements in the Cyber Security and Resilience (Network and Information Systems) Bill.

Officials have worked closely with regulators and the NCSC in developing the Cyber Security and Resilience Bill and will continue to do so throughout its parliamentary passage and implementation planning.

The NCSC already leads the UK’s response to cyber incidents by triaging reports, supporting affected organisations and coordinating government action during major incidents. In the year preceding, September 2025, NCSC received 1,727 incident tips, 429 of which required direct support. The Bill will expand the type of incidents reported to regulators and the NCSC, strengthening understanding of the threat landscape and improving national cyber-defences.

The Bill will also bolster regulator resources by reforming cost recovery. Currently, regulators are constrained – for example, they cannot recover the cost of enforcement. The Bill will enable regulators to fully recover their costs and utilise flexible, sector-appropriate charging mechanisms, ensuring they are properly equipped to meet their duties.