We are holding a competition for PhD students and early career researchers to encourage cyber security research and analysis that makes use of UK government survey data.


On 22nd of July 2021 we held a workshop with representatives from National Cyber Security Centre, Department for Digital Culture, Media and Sport, law enforcement, private sector and academia. During the workshop we identified a set of priority policy questions that could be investigated with existing survey data. These can be summarized 

  • What behaviours/policies/processes have the biggest impact on improving an organization’s cyber security as measured by likelihood and impact of breaches and attacks?
  • Has Cyber Essentials worked? What gaps do organizations with Cyber Essentials have? Are organizations with Cyber Essentials less likely to be attacked? Has take up of Cyber Essentials increased?
  • What can we demonstrate about the cumulative impact of UK government’s interventions on the state of organization’s cyber security? Does impact differ by sector or by size of organisation?
  • How can organizations use data like that found in the Cyber Security Breaches Survey to inform what do they do next?
  • How can we demonstrate the overall cyber risk level to the UK economy? What is the evidence base that this is a serious threat to UK industry?
  • Where do organizations (SMEs) turn to for advice? Are SMEs taking up appropriate cyber security services?

To take part in the competition

We are looking for submissions (in the form of an academic paper) that study one or more of the policy questions detailed above using existing survey data. The submission can be of any length, but should include an introduction (setting out the questions to be analysed), the methodology used and the results. Enough details should be given to allow independent replication of the results. 

We request that you please express your interest in entering the competition by emailing riscs.administrator@ucl.ac.uk with your draft submission titles and areas of interest, before starting work on your submission.

Submissions will be judged on the quality of insight given and the potential to contribute to the policy debate. The submissions need not necessarily solve or answer the research questions in full – partial solutions or interesting suggestions on how the problem in question could be tackled would certainly be considered valid entries.

There is no restriction on who can enter, or on joint entries, provided at least one author is a PhD student or early career researcher (within five years of obtaining a PhD). There are also no restrictions on the number of submission allowed per person.

The closing date for submissions is 20th of February 2022.

How to submit your entry

When you are ready to submit an entry, please complete the submission form and send your entry paper to riscs.administrator@ucl.ac.uk.

Policy Workshop

All submissions of sufficient quality will be given the chance to present at a RISCS Workshop in March 2022 and given a commendation prize. The workshop will be attended by representatives from the National Cyber Security Centre, Department for Digital Culture, Media and Sport, law enforcement, private sector and RISCS network. It will be an opportunity to present your results and help inform the cyber-security debate. 

Where to find data

We would encourage imaginative use of existing government data but highlight four possible sources of data. For each of these surveys the headline data is widely available on gov.uk and complete data sets available to academic researchers on UK Data Service.

  • Cyber Security Breaches Survey (2018-2020). 
  • Longitudinal Small Business Survey (2015-2019).
  • Commercial Victimisation Survey (2012-2018).
  • Crime Survey of England and Wales (2013/2014-2019/2020). 


If you have further questions, please contact Dr Anna Cartwright, RISCS Fellow, Quantification & Cyber Risk, via e-mail at a.cartwright@brookes.ac.uk.