How can our research inform policy? Who are policy makers and how do they actually ‘make’ policy? 

by Flo Greatrix, RISCS Policy Adviser

As the policy adviser for RISCS, I am tasked with improving the dialogue and building relationships between our researchers and policy stakeholders, and helping to answer these tricky questions. 

Last month we held an ‘introduction to policy engagement’ training session for colleagues the RISCS community, the UCL CDT in Cybersecurity and our friends at the SPRITE+ network. Like everything else these days, the session was online. However, the advantage was that colleagues from over the UK could attend and share ideas.

The session, developed by the my team in UCL STEaPP, in collaboration with Dr Ine Steenmans,  aims to help researchers understand how to work with policy stakeholders. In particular, we look at what makes an effective policy engagement strategy and we hope, provide participants with the confidence to craft and execute their own strategy.  

A key component of the session is hearing from guest speakers. We ask them to tell us what their day to day roles look like, how they use research evidence and how academics can work with them. We were delighted to have Emma Green (DCMS); and Steve Bell (Home Office) with us on the day, who provided insight into cybersecurity policy making in different Government departments. 

Really thought the tailoring to cybersecurity was great. Thank you!”
– Participant

Through these talks, presentations and activities, we uncovered the challenges and barriers to academic-policy engagement, which include the unsurprising issue of time pressures (on both sides), speaking different languages (think academic ‘jargon!’ and acronyms), and of course, the multi-faceted approach to policy making, of which evidence forms just one part.

“As I am extremely early in my career, I found the discussion on the policy journey extremely useful and is something that I feel will inform my future work/choices.”
– Participant

Unfortunately, there is no ‘silver bullet’ to successful policy engagement, but we looked at the key tools to develop a strategy with the maximum chance of success. This includes being clear on your goals, for example: do you want to raise awareness about an issue, or is there forthcoming legislation that you think needs amending in light of your research findings? 

“Finding out more about exactly how academics can inform public policy; not just being told we should do it (was helpful). The acknowledgement that there is no single right approach was also useful, as sometimes it can feel like there is a magic recipe but no one has told you what it is yet!” 
– Participant 

Tackling cybersecurity issues requires effort from all corners of society, and even small efforts to build bridges across sectors over time can make a difference. It is exciting to see the enthusiasm from our academic community and policy stakeholders alike in building connections and sharing expertise to date, and I look forward to supporting it and watching it grow further. 

Please contact Flo, RISCS Policy Adviser, at if you are a RISCS researcher considering engaging with policy stakeholders and would like information or support about how to do this, please get in touch, or if you are a policy professional looking to find out more about RISCS research.