Tag: Liz Lloyd

The speech made by Liz Lloyd, the Telecoms Minister, on 28 May 2026.

Hello everyone.

It is a pleasure to be with you here this afternoon.

It is tempting to think of our subject matter today – the security and resilience of subsea cables – as something utterly modern.

After all, it seems like every day we are reminded of just how fundamentally reliant we’ve become on this extraordinary technology.

But history tells a longer story. Exactly 126 years ago to the day a naval officer named

Carlyon Bellairs stood in this very institute and asked this question:
how can Britain make its subsea cables more secure and resilient?

Even at the dawn of the twentieth century, those early telegraph cables were laying the foundations for global connectivity – carrying financial transactions, business communications, and military signals across continents in near real time.

Bellairs recognised that this was transforming both global commerce and global power.

But he also warned that it was creating profound new vulnerabilities beneath the sea.

More than a century later, the technology has advanced radically, but the core strategic challenge remains the same.

Just as Bellairs made clear in 1900:

Our task is not to eliminate risk – that would be impossible given the vast ocean floor.

Instead, we must build resilient systems able to withstand disruption.

So today, I want to lay out the three core pillars which this Government will use as the foundations for this work:

• Resilience through growth
• Deterrence; and
• Security.

Resilience through growth

Let me begin with our first pillar: Resilience through growth.

True resilience does not come from hiding from the world or trying to encase our infrastructure in concrete.

It comes from economic vitality.

And it depends, more than anything else, on ensuring we have a healthy, thriving, and expanding cable sector – an engine of the UK’s broader economic success story to date.

Today, subsea fibre-optic cables are the silent workhorses of our economy.

Without them the UK would be functionally cut off from the outside world.

Much of our modern digital lives would simply cease to function.

Every international payment, every cross-border trade executed in milliseconds, every flow of data between businesses here in the UK and markets overseas – all travel along the seabed.

And demand is skyrocketing.

Artificial intelligence is driving a massive wave of infrastructure investment.

Just last month, my Secretary of State in DSIT spoke here at RUSI about the Government’s ambition for Sovereign AI.

Thanks to this Government’s efforts, the private sector will invest tens of billions of pounds in the UK’s AI infrastructure over the coming years:

Powering our AI Growth Zones, boosting productivity, and securing the high-quality jobs of the future.

But that compute power relies on data, and that data is carried by subsea cables.

That is why we must support the next generation of investment.

Many of the cables landing on our shores were laid twenty years ago during the initial data centre boom.

To replace and expand them, government must play an active role in creating the conditions for commercial success.

First, that means common-sense regulation.

We are reviewing our legislative framework to ensure regulation supports growth rather than holds it back.

To give you just one example, we are taking a pragmatic approach to environmental red tape – exempting, wherever possible, the laying, maintenance, and removal of subsea cables from unnecessary requirements.

This is particularly true in deep waters, where we know the impact on marine life is extremely limited.

Second, we are ensuring we have the domestic capability to keep this network running.

Right now, if a cable breaks in UK waters, a repair vessel is usually on site – ready to fix it – in eight days.

That is a world-leading response time.

But we cannot take it for granted.

So this Government is now completing a detailed piece of market engagement to ensure we can retain a UK-based UK flagged sovereign repair capability long into the future.

We will make a final decision towards achieving this important aim by the end of the year. Investments like this drive resilience.

And when we look at the core mission of our newly expanded National Wealth Fund –
to crowd in private finance, upgrade critical infrastructure, and anchor the supply chains of the future – this is precisely where government can step up to make the difference.

We are already putting this approach into practice.

Just two months ago, we announced a massive £600m deal to unlock the Eastern Green Link 4 project.

A 530km subsea energy superhighway running beneath the North Sea.

An investment that will not only upgrade our national grid – but also strengthen our domestic supply chain, and anchor high-skilled jobs right here in the UK.

By building strong domestic industries we don’t just protect infrastructure; we strengthen Britain’s position in its most strategically vital sectors.

We ensure that our resilience is powered – by our growth.

Deterrence

But economic growth must also be defended, which brings me to our second pillar: Deterrence.

There is a persistent myth that our subsea cables are completely defenceless, and that adversaries can operate over them in total secrecy.

Let me be absolutely clear: that is completely false.

We are – at all times – watching, tracking, and actively deterring threats to this critical infrastructure.

Just last month, the Defence Secretary revealed that our Armed Forces – in partnership with our allies – tracked Russian submarines operating in UK waters.

Their mission was to survey our cables in peacetime;

So they could more easily sabotage them in conflict.

They wanted this operation to be secret.

But they failed.

Our Royal Navy followed their submarines throughout and made its presence clearly felt.

Our message to President Putin was simple: we can see what you’re doing and any interference will have serious consequences.

That military shield can easily be taken for granted –

Defending our island is a relentless task that is rarely made public.

But it is exactly what gives the market the stability and the confidence to build, and to lead the global AI revolution from British shores.

Though, alone it is not enough.

Deterrence in the twenty-first century requires also a collaborative effort between government and industry – to shine a light on what is happening on the seabed.

By embracing advances in sensing technology, we can transform subsea cables from passive transmitters into intelligent systems.

These next-generation systems won’t just carry data; they will actively monitor environmental changes, improve our understanding of seabed activity, and detect hazards or interference before disruption even happens.

When we can see a threat coming, we can deter it.

But true deterrence requires a robust, credible legal framework too.

For acts of sabotage clearly linked to a hostile state, our laws already carry life imprisonment for the most serious cases.

But malicious activity below the ocean surface doesn’t always present itself so clearly.

As you all know, it frequently operates in the “grey zone” – ambiguous in intent;
hard to prove; and
difficult to prosecute.

Right now, the legal system is simply not keeping pace with the threat.

Some of the core legislation we rely on dates back to when even Lieutenant Bellairs was a child!

Needless to say, it was written for a different world.

So we are changing that.

Today I’m announcing that this Government will bring forward new legislative proposals for consultation that will modernise and strengthen our criminal framework in this domain.

We will make the law clearer, tougher, and much harder to evade.

Sending a clear message that if you act recklessly, or if you deliberately target our cables, there will be serious consequences.

Because deterrence only works if it is credible.

And we cannot let anyone operate in the shadows of our seas with impunity.

Security

Our final pillar is Security – reducing the physical and systemic vulnerabilities in our network so that we can withstand and rapidly recover from disruption.

Now – just as in the past – the vast majority of cable breaks are not from deliberate sabotage.

They are accidental, caused by natural seabed movements or anchors being dragged across the seabed.

Security, therefore, requires practical, everyday risk reduction.

And so to prevent accidental damage, I am proud today to formally endorse the European Subsea Cables Association’s new Fishing Liaison Guidelines.

Developed in close partnership between government, industry, and the fishing sector, these guidelines offer a practical blueprint for how two of our vital maritime industries can operate safely alongside one another – sharing information and protecting the ocean floor.

Of course, we must also secure the vital nodes where these cables come ashore.

Cable landing stations are critical bottlenecks; they house the data management and power systems that keep the entire network alive.

And so to protect them, we are working hand-in-hand with the National Protective Security Authority and the National Cyber Security Centre to deliver detailed, up-to-date physical and cyber-security guidance for cable operators.

Building on the Telecommunications Security Act, we also intend to consult on new legislative measures to ensure a robust baseline level of security across our entire cable network.

This means clearer duties to manage risk, maintain rigorous response plans, and report incidents rapidly.

Finally, security means looking ahead at how we use our waters.

Our analysis with The Crown Estate shows that by 2035 the UK will rely on a significantly higher capacity of cables to match skyrocketing digital demand.

To manage this crowded environment, this Government is looking carefully at how we prioritise the seabed.

We have worked across departments to map out and actively protect the space needed for future cable routes.

Because by managing seabed congestion we can reduce single choke points where multiple cables converge and protect them from accidents while still achieving our green energy ambitions for much more offshore wind.

And because data does not stop at national boundaries, our security strategy cannot stop there either.

Which is why we are deepening our international cooperation, particularly with our near neighbours.

To give just one example – we are working closely with the Irish Government to align our incident response plans.

In fact, later this year, the UK and Ireland will conduct a joint exercise to rehearse how we would respond to major subsea cable disruption.

And this will not be a one-off.

It sits within a broader programme of sustained cooperation and regular exercises – designed to build, strengthen and reinforce our shared resilience over the years ahead.

But our ambition extends beyond our immediate waters too.

Through our leadership in the International Advisory Body for Submarine Cable

Resilience, we are actively exporting these high security standards globally – ensuring British companies can compete, innovate, and operate effectively anywhere in the world.

Because when British industry succeeds on the global stage, our entire nation becomes more secure.

Conclusion: building a secure and prosperous future

And so let me finish right where I began.

With the timeless strategic reality that Bellairs identified in this building all those years ago.

He reminded his audience that for a great maritime nation, economic prosperity and national security are not two separate competing interests.

They are two sides of the same coin.

True resilience is won not only when a country is well-defended.

But also when it has the confidence to build, to grow, and to lead.

And so while the challenges we face are substantial.

The UK is approaching this era from a position of strength.

We have always been a nation whose prosperity and security depend on our courage to reach out across the seas and to connect with the wider world.

Achieving that future is a responsibility that neither government nor industry can carry alone.

It requires us to walk in lockstep.

So let’s leave today:

• Clear-eyed about the risks we face.
• Proud of this country’s world-leading industry; and
• Confident in the UK’s ability to meet the challenge of the future.

Thank you very much.

The comments made by Liz Lloyd, the Telecoms Minister, on 29 May 2026.

The UK already has strong protections in place for our subsea cables, but in a more uncertain world we cannot stand still.

As hostile activity by Russia and others grows, protecting these cables matters more than ever for our economy, security and daily lives. That is why we plan to go further with tougher penalties for reckless damage, stronger security obligations and new powers to respond quickly when incidents happen.

True resilience depends on having a healthy thriving telecoms sector, and government must play an active role in creating the conditions for commercial success. By building a strong domestic industry we don’t just protect infrastructure, we strengthen the UK’s position as a global centre for digital trade.

The speech made by Liz Lloyd, the Minister for the Digital Economy, in London on 15 January 2026.

On the 19  of September, a ransomware attack hit a major software supplier used by airports across Europe.  

Overnight, checks and systems failed, flights were delayed, staff were forced back to pen and paper.  

Thousands of people, families, workers and travellers were left stranded. It wasn’t an attack on any airport directly.  

It was an attack on a software supplier, a single weak point rippled across a whole sector. 

Incidents like this are becoming more common.  

In the UK, 43% of businesses have experienced a cyber security breach or attack in the last 12 months. We estimate that cyber breaches cost the UK about £15 billion a year – around 0.5% of GDP.   

And while the digital economy, especially AI, offers huge opportunities for growth across many sectors in the economy, none of that potential can be realised without confidence.  

People need to trust the systems they use right now, but they still hesitate.  

They worry about how their data is handled and whether the technologies they rely on are secure.  

So software security isn’t just technical. It’s a commercial imperative. And trust is what unlocks growth.  

Government’s first duty is to keep citizens safe. By securing our technologies, we protect citizens, their businesses, the economy.  

Strong cyber security and supply chain security underpin enterprise, prosperity, and jobs. 

That’s why we must do everything we can to protect against these attacks, and support our brilliant tech companies, so they can get on with what they do best.   

We’re starting in a good place.    

The UK has some of the strongest cyber defences globally.     

 We have fast-growing clusters of expertise in Cheltenham and Manchester, as well as Belfast and Scotland’s cyber cluster that spreads across several Scottish cities. 

 And our cyber sector is the third largest in the world – achieving double-digit growth, year on year.    

As a government, we also know we must do our part.     

Backed by over £210 million, the Government Cyber Action Plan published last week sets out how the government will rise to meet the growing range of online threats.  

This will improve digital resilience across the public sector.  

And as we strengthen government’s defences, we are also setting clear expectations for industry.  

The Cyber Security and Resilience Bill will ensure that our critical national infrastructure is protected. 

 In October, we wrote to FTSE 350 companies, urging them to strengthen their defences – adopting things like our ‘Cyber Essentials’ certification.   

This was followed by a similar letter to entrepreneurs and small businesses, in November, with bespoke advice for smaller teams.    

We know these things work: organisations that adopt ‘Cyber Essentials’ are 92% less likely to claim on cyber insurance than those who don’t.     

We have also worked closely with industry to identify the minimum actions to secure the technology that our economy relies on.   

This includes working hand-in-glove with the NCSC [National Cyber Security Centre], UK companies, and international counterparts to develop policies that set a global standard for technology security.    

For example, the UK’s AI Cyber Security Code of Practice has been developed into a global standard through the European Telecommunication Standards Institute.    

This follows in the footsteps of the PSTI ACT: world leading legislation to ensure consumer devices secure by design that came into force in 2024.    

But we cannot rest where we are.  

The threat landscape is evolving rapidly, and adversaries are becoming more sophisticated with attacks on software.  

Software now underpins almost every critical service in our economy, from healthcare, to transport, to national security. So it’s fundamental to our resilience and public trust.  

To start to address this, the Department [for Science, Innovation and Technology] and the NCSC published the Software Security Code of Practice in May last year. 

This Code outlines the minimum actions that software suppliers should take to ensure a baseline level of security across the software market. 

But communicating those expectations is just the first step.  

We now need to ensure that these actions are embedded in UK supply chains to provide businesses with confidence in the technologies they need to operate and to grow.  

Currently, just 21% of organisations say they think about cyber security when buying software.   

So it’s time to address this.     

The question is how, exactly, we do this.    

On one side, there are those who push for new regulation, and stronger government oversight.    

On the other, there are those who say ‘do nothing’, businesses will get there themselves – just wait it out.     

But I believe we can be more ambitious than that.    

The UK is home to some of the best software firms anywhere in the world, and we’re lucky to have great examples here in this room today.   

As well as the brilliant international firms who invest here, set up offices here, and make the UK their home.    

I believe we need to learn from these companies – to find the ones who are leading the way and celebrate them, as role models.    

The firms whose software is developed with security, top of mind.   

Who appoint dedicated cyber experts.    

Who have brilliant communication between buyer and seller.   

Who offer best-in-class training to their workforce.    

 And whose leaders take safety seriously – with accountability at the very top.    

 That is what a true pioneer looks like.    

 And we see the same forward-thinking security posture throughout supply chains.    

The UK hosts a burgeoning ecosystem of supply chain security experts. 

This includes buyers leading the way in how they manage risks in their supply chains, and cyber security experts offering their services and knowledge to disseminate crucial cyber security capabilities.    

Now we must learn from them and spread these habits to as many organisations as possible.    

So today I am very proud to announce the UK’s new Software Security Ambassador Scheme, a group of leaders – 13 companies, in total – who are making a public commitment to champion secure software and to be role models for the UK government’s Software Security Code of Practice.  

This Code has been written in partnership with industry and with cyber experts, at every step, including the National Cyber Security Centre.    

And our national ambassadors span the whole software field – from vendors…   

…Sage, Cisco, and Palo Alto Networks, Hexiosec, Zaizi and Nexor…   

…to buyers – like Lloyds, and Santander…     

…to expert advisors – Accenture, NCC Group, ISACA, ISC2, and Salus Cyber.    

Now, we hope you will use your position as industry leaders, and first adopters, to spark a change in the sector more widely.    

 We’ve seen how effective this model can be.    

 A voluntary code of practice is a tried-and-true way of setting a professional standard.  

Look at the World Health Organization’s code of practice for hand hygiene.  First introduced in 2009, the code has become a global benchmark despite not being enforced by law, and has helped to significantly reduce infection rates as hospitals can draw on a single, definitive source of best practice in one place.    

That’s exactly what we want the Software Security Code of Practice to become.  

Every sector that depends on software, a single trusted reference point that lifts standards across the whole economy. 

Our Software Security Code of Practice sets out 14 principles, and clear expectations for how software should be secured in our supply chains to build a common understanding between vendors and buyers of what level of security a software supplier should be responsible for.   

I’m delighted to say it’s already being used in the public sector, by the NHS.    

So our health service can help to lead by example too.    

If we get it right, this could be a real moment of achievement.    

Great UK industry, paving the way.    

Modelling safe, secure tech for the rest of the market.    

And perhaps the start of a new, international benchmark too.    

To protect our country from attacks.    

 Back British growth and prosperity.    

 And create a better future for all of us, starting here today.     

 Thank you all.