When it comes to cyber resilience, the Midlands doesn’t have a strategy gap – it has an implementation gap.

Learnings from East Midlands Cyber Security Cluster’s CyberGrowth programme show that national guidance and frameworks exist – but that many SMEs still struggle to turn them into practical action. This is typically because of limited time, limited in‑house expertise, and confusion over who actually owns cyber risk.

Funded by DSIT and Innovate UK, CyberGrowth brought De Montfort University (DMU) and EMCSC together to test a place‑based model for closing that gap. The programme combined four strands: governance support for leaders, workforce development, 100 hours of applied academic consultancy for SMEs, and a regional Cyber Summit to convene the ecosystem and share learning at scale. 

Registrations were consistently strong and the Summit was 50% oversubscribed – evidencing of unmet demand for trusted, practical support in the region. The programme was delivered as part of the Government’s Cyber Local programme; CyberGrowth’s associated Impact Report distils what the regional project achieved on the ground. This includes how SMEs engaged, what changed inside participating organisations, and what delivery infrastructure has now been built in the Midlands. 

The purpose of the Impact Report is twofold: first, to give policymakers and funders an evidence‑led view of what works in turning national cyber ambition into local action; and to show why continuity of funding is essential if that emerging regional capability is to be protected and scaled, rather than lost in stop‑start cycles.

EMCSC founder and director Dr Ismini Vasileiou, said the report highlights that, while national guidance exists, many SMEs still struggle to act on it. 

“What’s powerful about CyberGrowth is that it turns that intent into implementation – helping local businesses move from awareness to action through practical, place‑based support,” she explained.

“CyberGrowth has shown that when local partnerships align with national ambition, we can turn awareness into real resilience. The Midlands now has the foundations of a scalable, place‑based model – one that proves SMEs don’t need more frameworks, they need practical continuity and support to make cyber security part of how they do business every day.”

CyberGrowth has created a repeatable, regional delivery model that helps SMEs move from awareness to action. The Impact Report proposes that the next step is to back it further – so that safer digital adoption, stronger supply chains, and a more resilient cyber workforce can become a permanent feature of the Midlands economy.

The need is clear: the report highlights that many SMEs start from a very low baseline and are often unaware of existing government frameworks and unsure who in their organisation actually “owns” cyber risk. 

It notes that when support is abstract or one‑off, it rarely sticks. By contrast, CyberGrowth’s place‑based model – combining leadership governance workshops, workforce development, applied academic consultancy and a regional Summit – begins to close that gap by offering practical templates, diagnostics, and hands‑on help that match SME capacity.

A key theme running through the report is continuity. It argues that CyberGrowth has now created a functioning regional delivery platform, centred on partners such as DMU and EMCSC, that can be scaled rather than rebuilt. However, it also warns that, if funding is stopped or constantly re‑competed, then hard‑won trust, relationships, and delivery rhythm will be lost, reducing both resilience gains and economic impact.

Finally, the report positions cyber as a foundation for growth. By strengthening governance, skills, and confidence, it helps SMEs adopt digital tools and AI more safely, meet supply‑chain expectations, and become more attractive to investors. Its message to policymakers and regional leaders is that – if they want a cyber‑resilient, future‑ready Midlands economy – sustained, place‑based support like CyberGrowth represents core investment.