TRUSTEE REPORT AND FINANCIAL STATEMENTS FOR THE YEAR ENDED 31 MARCH 2024 

Royal Charter Number: RC000924 Charity Number: 1198846 

UKCYBERSECURITYCOUNCIL.ORG.UK 

1 




**----- Start of picture text -----**<br>
CONTENTS<br>Trustee Report<br>-  Foreword from the CEO  3<br>-  Purpose & Benefit  4<br>-  Year in Review – Achievements   5-8<br>-  Reference & Administration  9<br>-  Reserves Policy & Risk Management  10<br>-  Governance Structure  11-12<br>-  Future plans  13<br>-  Trustee Role, Appointment & Induction   14<br>-  Year in Review – Financial Performance   15-16<br>-  Trustee Statement of Responsibilities   17<br>Independent Auditors Report                                                             18<br>Statement of Financial Activities for the year end 31 March 2024     22<br>Balance Sheet as at 31 March 2024                                                   23<br>Statement of Cash flows for the year end 31 March 2024                  24<br>Notes to the Financial Statements                                                 25<br>2<br>**----- End of picture text -----**<br>




Foreword from our CEO 


## FOREWORD FROM OUR CEO 

The Council is unwavering in its commitment to maintaining and strengthening partnerships. These alliances are integral in delivering our cyber security standards, which are the bedrock of all our cyber security specialisms. Trust, integrity, and ethics remain at the heart of all our standards, and we recognize the ongoing partnerships with DSIT, NCSC, our licensed bodies, CiiSec, ISC2, ISACA, Crest, and The Cyber Scheme. 

Cybersecurity attacks are on the rise and will continue to increase. Technological advancements are also still driving data dependency in today's data-centric world. Therefore, the following areas are essential for the Council to deliver and support outcomes for growing security maturity levels and increasing cyber resiliency. 

Supporting the growth of the cyber profession. Providing a more comprehensive gateway for those who want to enter and experience the cyber security profession. The inclusion of a fourth title, "Practitioner," therefore, means that the Associate level can be the introductory level for potential cyber security professionals. 

Working with national and international partners and volunteers, we continue to deliver the core standards pivotal to achieving cyber maturity and resiliency. These standards are the bedrock for supporting new technologies and ways of working 

The Council will focus on its work with government departments to contribute to the growth of the cybersecurity profession across government. 

The Council's maturity now means it has staff with more knowledge of the operations it needs to build sustainability and viability. This maturity allows greater clarity in identifying any critical skill gaps the Council must address. This exercise and the onboarding of new talent are already making significant contributions to achieving strategic and operational goals. 

In the following months, the Council will collaborate internally and externally to achieve its revised sustainability plan by April 2025. 

Our operations team have worked hard to create a new Corporate 

Membership offering, giving further benefit to those organisations who join us on our journey. This will affect all of our pillars, creating thought leadership, key relationships, and the opportunity for further collaboration with the profession. 

Council staff and I have continued to be present within the community, securing speaking slots and panel events at key conferences such as CyberUK, the  International Cyber Expo, Ethnic Minorities in Cyber (EMiC), and the Channel Islands Information Security Forum. 

We have spoken at government hosted events such as the Welsh Government Cyber Industry Roundtable and the Chevening Cyber Programme at the UK Defence Academy, at partner events such as SASIG, BT, techUK, CompTIA, IASME and CyBOK, and at academia events at Lancaster, Warwick and Birmingham Universities. 

As the Council reflects on its approach to tackling its challenges, core contributing factors are collaboration and creating channels for listening to professionals and partners, which will remain a vital focus area. The Council remains proud to be building the body for the country's cyber security profession. It can pave the way for other countries that may want to follow this route and contribute to enhancing their cyber security maturity and resiliency levels. For this, the Council remains grateful to all who continue to support and work to achieve this goal. 


## Dr Claudia Natanson MBE 

Council Interim Chief Executive Officer 

3 



Purpose and Public Benefit 


## PURPOSE AND PUBLIC BENEFIT 

The purpose of the UK Cyber Security Council is to act as the voice of the cyber security profession and help ensure that the UK is the safest place to live and work online, as set out in the original National Cyber Security Strategy (2016-2021). 

## Its aims are to: 


- Inspire, inform and advance public cyber security awareness and knowledge 


- Create an open, inclusive and professional cyber security culture 


- Influence cyber security best practices that proactively benefit the public in the UK and beyond 


Act as the reference point for cyber security professional standards, competence and commitment 

We have established 5 pillars to deliver our aims, these pillars are: 


- Professional Standards - Setting the standards for practitioners across the sector 


- Professional Ethics - Creating and ensuring cyber professionals adhere to our Code of Ethics 


- Careers & Learning - Providing guidance on how to join and progress within cyber security 


- Outreach & Diversity - Striving for an inclusive and representative sector 


- Thought Leadership & Influence - Positioning the Council as the voice of the profession 

By bringing together professionals within the cyber security sector, with stakeholders, government, and third sector organisations, we will establish professional standards and ethics, alongside our work to encourage progression within the sector. 

We will work in collaboration with the wider industry to tackle issues such as closing the skills gap and make sure we see a more representative workforce. 

## Public Benefit 

One of our key values is inclusion. This means everyone. We embrace diversity of all kinds and the rich knowledge this empowers us with. 

We break down barriers, promote fairness and champion the need and the benefits for inclusion. 

We will benefit the public through our work to demystify and simplify career paths within cyber security, which will have a tangible impact through the reduction of the skills gap in the sector. 

We will ensure those in the profession are working to a defined standard and code of ethics, and make sure anyone wanting to start a career in or progress within cyber security can. 

This not only benefits individuals, but also employers, businesses, and the wider community; creating a world where the whole of society is safe and secure in cyber space. 

4 



Year in review 


## YEAR IN REVIEW: 

The Council workstreams have continued to develop this year and include: 


Careers and Qualifications 


Professional Standards 


- Outreach & Diversity in Cyber Security to develop the next generation 


Professional Ethics 


- Thought Leadership & Influence 

These key pillars of work provide us with a foundation to achieve our four strategic aims. 


Structure the council to deliver for the UK Cyber Security Strategy 

Develop a sustainable & diverse workforce of cyber professionals Engage with & listen to industry 



Make every contact matter 


This financial year is year two of our three-year Strategy “Chartering a Cyber Future”. 

This year we: 


Developed, promoted and provided stewardship of the highest possible standards of expertise, excellence, professional conduct and practice in the profession, for the benefit of the public. 

- Undertook a consultation on the 16 specialisms and professional titles, resulted in a number of 


recommendations that will be taken forward, including the addition of a 4th title. 


Focused on developing our Quality Management System and reconstructed the Licensee Manual and associated guidance. 


Awarded over 150 Professional Titles 








- Further developed our Certification Framework Tool 

- Developed T Level Placement support for Employers 

- In collaboration with DfE, hosted a series of in-person T Level Conferences around the country 

- Upheld the Code of Ethics and investigated any breaches through collaboration with our Ethical Standards Working Group. 

- Refreshed our membership and sponsorship offer, to make it more manageable and sustainable 

- Re-launched an improved Corporate Membership Members Area 

- Completed development of a dedicated Diversity and Inclusion website 






- Produced a Thought Leadership Paper “How to Maximise the Impact and Credibility of the UK Cyber Security Council’s Professional Registration Titles in Cyber Security”. 

- Completed the statutory work surrounding the Royal Charter Charity. 

Held our Inaugural Event to award our first cohort of registrants with their Professional Title certificates. Established a Youth Advisory Panel with representatives aged 16-24 and a geographical spread across the UK, Wales, Northern Ireland and Scotland to help us develop initiatives to address  the longer-term skills gap in the sector. 

In our Cyber Leaders webinar series with Corporate Member, Fortra, we looked at various routes into cyber. 

5 



Achievements 

## YEAR IN REVIEW: ACHIEVEMENTS 


Following successful pilot programmes, we issued official licenses to the first 2 Licensed Bodies, CIISec and The Cyber Scheme, to assess candidates in the first 4 specialisms; Governance and Risk Management, Secure System Architecture and Design, Audit and Assurance and Security Testing. 


Established our Code of Ethics, Guiding Principles and Ethical Declaration, 

alongside the process for investigating ethical breaches. Launched our Ethics committee. 



Began to develop the Incident Response and Secure Systems Development specialisms, which will be the first new specialisms to launch in 2024. 

The management of CCP moved over to the Council and a transition plan was agreed to assess CCP individuals and move them over to the professional register. 


Professional Standards and Professional Ethics 

6 



Achievements 

## YEAR IN REVIEW: ACHIEVEMENTS 

Some key achievements under the aim of ‘Create a Cyber Career Framework linked to mapping Certifications and Qualifications within the sector.’ 



We created a T Level Placement support pack for employers so that they feel confident in hosting T Level placement students. Currently, there are 4 project plans available to download, as well as a sample business case, all of which can be tailored to suit the organisation. The project plans focus on the Digital Support Services T Level, as this is where the cyber security occupational specialism sits. The T Level Placement support is an important step in highlighting one of the career routes into the cyber security profession, with clear progression links to apprenticeships, higher education and even entry-level employment. 

We continued the development of our Certification Framework Tool to create a clear picture of the available cyber security certifications. This volunteer-led project aims to map all the existing relevant cyber security certifications to the CyBOK Knowledge Areas and the 16 cyber security specialisms. At present, 38 certification mappings are live on the website tool. 88 volunteers were active over the year. Taken from the fully mapped certifications, 11,366 key words and phrases have been defined and mapped by our volunteers. 



Approval to draft a process to map certifications, qualifications and training to the professional titles, this will enable individuals to provide evidence to meet competencies and help clarify pathways in Cyber 

A large supporters conference took place, to thank all the volunteers and to seek feedback on key areas of the Councils work and priorities 


Careers and Learning 

7 



Achievements 

## YEAR IN REVIEW: ACHIEVEMENTS 


Under the objective of ‘Use outreach initiatives to address the longer-term skills gap in the sector’ we have: 


- Established terms of reference for and recruited the Council’s inaugural Youth Advisory Panel. The panel will lead projects, raise awareness of routes into the profession, and provide a youth voice across every part of the Council. The panel is made up of members aged 17-25 from across the UK who will serve one-year terms, meeting virtually and in-person over the year. 96 people applied for the positions, of which 18 were selected. Personal feedback was provided for each of the 78 unsuccessful candidates. Expected positive impacts of the panel for the Council include: 

   - creating resources to combat barriers to the profession 

   - generating ideas for projects 

   - contributing to better-informed decisionmaking by having a presence on working groups and committees. We developed a Cyber access Hub for a target audience of 1319-year-olds interested in cyber security. 



The Cyber Access Hub has resources from across the UK to inform younger people about cyber security. Resources are available for parents, carers and teachers as well, because they play a significant role in exciting young people about cyber security. 

Designed a page on our website that is dedicated to answering our frequently asked questions about getting into the cyber security profession. Cyber security professionals within our working groups helped answer these questions, which in turn helps others with getting into the industry. The 10 questions on the page give an overview of the types of questions commonly asked by those looking to get into the profession, from how to get work experience, to which certifications are needed. The Careers Advice page also signposts relevant resources on our website, such as the Cyber Career Framework and the Certification Framework. 

Outreach & Diversity 

8 



Trustee Report 

## REFERENCE & ADMINISTRATION: 

**Royal Charter Number:** RC000924 **Charity Number:** 1198846 **Registered Address:** 5th Floor, One London Wall, London, EC2Y 5BD 

## **Bankers:** 

Lloyds Bank PLC. 25 Gresham Street, 

London EC2V 7HN 

Trustees: 

Claudia Natanson - Chair (appointed 03/03/2022) 


- Jessica Figueras – Vice Chair (appointed03/03/2022) Mike Watson – Treasurer (appointed 03/03/2022) 



## **Solicitors:** 

Birkett’s LLP. Providence House, 141-145 


- Carla Baker – Trustee (appointed 03/03/2022) 

Princes Street, Ipswich, Suffolk, IP1 1QJ 

## **Auditors:** 

Moore Kingston Smith, 9 Appold Street, 

London, EC2A 2AP 




- Chitra Balakrishna – Trustee (appointed 03/03/2022) 

- Nathan Nagaiah – Trustee (appointed 03/03/2022) 

Edward Goodchild – Trustee (appointed 03/032022) 


Frances Le Grys – Trustee (appointed 03/03/2022) 


David Davis – 

Trustee (appointed 13/09/2022) 


Kat Abercrombie – Trustee (appointed October 2022). (Resigned June 2024). 

9 



Trustee Report 

## RESERVES POLICY 

The Trustees treat the unrestricted reserves as available for activities which forward the Charity’s objectives, and for funding the requirements for support and governance costs. 

Free reserves are that part of the Council’s unrestricted funds that are freely available to spend on any of its charitable purposes. 

The Council may maintain free unrestricted reserves for the following reasons: 

a) to provide a level of working capital that protects the continuity; 

b) to provide a level of funding for unexpected opportunities; and 

c) to provide cover for risks such as unforeseen expenditure or unanticipated loss of income. 

The Trustees have reviewed the above criteria with reference to the Council’s strategy and Annual Plan and determined a  target level of free reserves to meet these. 

They may at times designate funds from free reserves for significant project costs or replacement of major assets. 

## RISK MANAGEMENT 

The UK Cyber Security Council Trustees have considered the major risks to which the charity is exposed and have reviewed those risks and established policies, systems and procedures to manage them accordingly. 

The risk register is updated at least quarterly but is regularly reviewed within the operational team to ensure key changes are reflected in the risk log and appropriate plans to mitigate are put in place. 

The principal risks are: 

- Pricing strategy becomes a barrier of entry for the UK CSC Standard and a contractual red line for some licensee bodies 

- Significant delays in the development and roll out of specialist cyber standards 

- Breach of data security or compliance with key regulatory authorities 

- Achievement of the Objectives and Income targets in the Councils Sustainability Plan 

- Lack of support and buy in from the cyber security profession 

10 



Structure and Trustee Board 

## GOVERNANCE STRUCTURE 

Our Board of Trustees has a broad range of relevant skills, knowledge and experience, spanning education, skills and professional development, commercial and business 

development, income generation and fundraising, legal, cyber security, financial management, risk management, business risk, professional standards and ethics, Government affairs and policy and furthering diversity, equality and inclusion. 

The Council considers each of the Trustees independent in character and judgement. 

Declarations of interest are acquired  from new Trustees and updated by all Trustees annually. No remuneration is provided other than reasonable travel and subsistence costs. Trustees regularly review the progress of the charity and its funding and work in conjunction with the executive team and membership bodies to set the strategy for the organisation. 

## Remuneration 

The Chair reviews the remuneration of the Chief Executive and makes a recommendation to the Remuneration Committee for consideration. The Remuneration Committee also review the salaries of the Leadership Team. 

## Auditors 

The Board of Trustees approved the appointment of Moore Kingston Smith as the Auditors on 23/3/22. 

The Council are governed by our Articles of Association (as a Charity Body). 

There are a maximum of 12 Trustee spaces, 8 by general appointment and 4 to be appointed by the membership; There are currently 10 Trustees – 8 from general appointment and 2 appointed by the membership. 

The Trustees are also responsible for the appointment of the Chief Executive, to which they delegate the day-to-day running of the Charity. 

The Board has 4 sub-committees. 

The Programme Board ensures the Council’s programme directorate activity including standards development and career route mapping is fit for purpose and in line with strategy and priorities of the organization. 

The Finance and Audit Board review the risks, controls and financial management of the organization. 

The Remuneration Committee provides a forum, independent of the Council’s other governance bodies, for the review and approval of the remuneration of the Chief Executive, the Leadership Team and any exgratia payments. 

## The Governance and Nominations Sub-Committee ensures 

the Council’s governance is fit for purpose and that it is populated by suitably diverse and skilled individuals, in line with strategy and representation. 

11 



Structure and Trustee Board 

## ORGANISATION STRUCTURE AND MANAGEMENT 

As a start-up organisation it is important that the operational and management structure of the organisation is fit for purpose to deliver on the Council’s mission and objectives. 

As such the Leadership Team review where there are any pinch points within the organisation and then seek to mitigate this through increased human resource or re-prioritisation of tasks. 

This along with the development and implementation of new systems and processes helps staff to be more effective and efficient. 

Our updated structure is made up of four directorates. 

## The Standards Directorate 


Led by the Director of Professional Standards, this directorate is focussed on developing the professional standards based upon our identified cyber specialisms. 

## The Programme Directorate 


Led by the Chief Operating Officer, this directorate is focused on developing the careers road map, outreach programmes and the transition of programmes to the Council. 

## The Chief Executive’s Office 


Led by the CEO, this directorate is focused on strategic planning, technical cyber, governance, external engagement and government relationships. 

In the 2023/2024 financial year we enacted the incorporation of our Royal Chartership, which in practical terms will mean the original charity and company incorporations will remain dormant, and full transition to the new Chartered Charity and Organisation. 


## The Finance & Operations 

Directorate Led by the Director of Finance and Operations, this directorate is focused on managing areas including the organisations finance, marketing, membership and events. 


12 



Achievements 


## FUTURE PLANS 

The 2024-25 financial year will be dominated by ensuring the quality of our Professional Registration Titles to cyber professionals through an internal audit process, identifying the trialling and impact of our professional titles on the profession, agreeing licenses with new Licensed Bodies, launching new specialisms, trialing different assessment processes, launching a new professional title and moving towards a more self-sustainable business model. 

The Council’s additional priorities include: 


- Raising the profile of the Council and our Career Tools – including Certification Framework, Cyber Careers Framework, and Career Mapping Tool. 


- Continuing to maintain high ethical standards in the profession through our work with our Ethics Committee. 


- Working closely with our Youth Advisory Panel to help identify and address the barriers faced by people who wish to work in the cyber 

security sector. 


- Launch a redesigned website focused on the user experience, to improve the accessibility, quality and content of the information we share. 


- Demonstrate value for our Corporate Members through an engaging serious of webinars, blogs and events. 

13 



Structure and Trustee Board 


## TRUSTEE ROLE, APPOINTMENT & INDUCTION 

The role of a Trustee is to ensure that the Council fulfils its duty to its beneficiaries and delivers its vision, mission and values. Working together with the other Trustees – and in collaboration with the CEO they are instrumental in ensuring that the Council delivers its charitable objectives, and values equality, diversity and inclusion. 

Our Trustees are individuals who have a strong empathy with our vision and mission combined with an in-depth understanding of our work and ambitions and they possess an understanding of the culture and needs of a values-driven organisation. 

The role is one of legal liability and responsibility for the compliant running of a charity. Across the Board we seek skills and experience in running a professional organisation, although recognise that not all candidates will have these skills initially. 

Trustees are legally required to act in the best interests of the Council and candidates should therefore not seek to influence the Board in terms of representing any other organisation. 

## **Appointment of trustees** 

## **Trustees' induction and training** 

## **For all Trustees, the following core skills are essential to undertake their duties:** 

On appointment, new trustees are provided with information about the company including its constitution, strategy and plans, finances, staffing structure and its risk register. 

As set out in the articles of association, the board of trustees comprises 

- Excellent communication and influencing skills to be a strong ambassador for the Council 


- not more than 12 trustees finances, staffing structure and its as Board Members risk register. Maximum of 4 elected from among and by the Their attention is drawn to full members relevant Charity Commission the Chief Executive of guidance. They are offered the the Association as an opportunity to meet with the ex- officio member of the chief executive and other staff for Board a full briefing on the organisation’s work. 



- A collaborative approach and openness to other views and feedback on own contribution 




- An ability to think diversely, produce innovative ideas and challenge existing thinking and perspectives 

Board members may serve up to two terms of three years. 

## **Organisation** 

The Board is responsible for the governance of the charity. The trustees delegate the running of the organisation to the chief executive, within a framework of delegated authority. The board meets at least quarterly. 


- Commitment to the Council’s mission and values 


- Commitment to delivering public good 



- Commitment to bringing high standards of ethics and transparency to the Council’s governance 


- Commitment to inclusion and diversity 

14 



Achievements 

## YEAR IN REVIEW: FINANCIAL PERFORMANCE 

The financial year was largely funded via a Grant Funding Agreement with DSIT.  This year saw the Council begin to develop other income streams from programmes of work distributed to the Council from NCSC and an increase in corporate membership and sponsorship. We are grateful to DSIT for their continued support ensuring the Council has the means to continue operating and working through our strategy. 

## **Income** 

## **Expenditure** 

## **Cashflow** 

## **Into 2024-25** 

The overall income for the financial year stood at £1,983,849. 

The majority of income was comprised from the DSIT Grant Funding Agreement. As we transitioned into the next stage of the Council, it allowed for us to take on various programmes of work, this brought in a new revenue line of £94,695.  Corporate membership had a new focus which generated an increase to £174,945. 

In addition to this income, the net assets of the UK Cyber Security Council charitable company totaling £274,562 were transferred to the new Royal Charter organisation. Further details of this are in note 2 of the financial statements. 

Total expenditure for the year was £1,522,656. Reducing costs has been at the forefront of all areas within the Council this financial year, and this has been achieved in all departments. 

Staffing costs remain the largest outgoing for the Council, a restructuring took place this year and we moved away from the culture of outsourcing to a focus on in house. 

To be noted, is the impact of our VAT structure, meaning a total of £126,342 was spent and not reclaimable on VAT. This structure remains in-place but a review of this is on the agenda. 

Cashflow at commencement was supported by the reserves in the unrestricted funds. 

The unrestricted funds ensure that a six month cover is implemented at all times at the Council. 

DSIT have agreed a new Grant Funding Agreement that will provide income of up to £1,000,000 to deliver against the contract KPIs. 

Additionally, we expect to continue to on-board new corporate members and see  an increase in the total annual levies. 

2024-25 will see the Council working with Licensed Bodies in awarding Charterships and other professional registration titles across industry and we will see substantive income around this piece. 

A sustainability plan has been produced for the organisation to ensure a robust plan for financial sustainability in the future while exploring additional income streams, along with our strategy to meet these targets. 

15 



Achievements 

## YEAR IN REVIEW: FINANCIAL PERFORMANCE 

Funded by the Department for Science, Innovation and Technology (DSIT), the Council was 

able to: 

- Enhance the corporate membership scheme and restructure the tiers 

- Recruit key staff to facilitate the transition from outsourcing to inhouse to achieve the focus on areas of savings 

- Redefine events attended and hosted by the Council along with new sponsorship opportunities 

- Launch the first specialisms to the market generating a new revenue stream 

- On board licensed bodies with introductory annual fees to begin the roll out of our titles 

- Complete the career mapping tools and begin to develop the new title for entry level positions 

- Invest in a complete revamp of our website while will be rolled out in the next financial year 

- Invest in a robust marketing strategy as we move on to the next chapter in being sustainable 

The focal point this financial year, was on areas of cost savings, which was successfully achieved and developing the sustainability plan for the Council. It was imperative that we reviewed the organisational structure, as this underpins the future success of the Council and the achievement of the sustainability plan, this remains an ongoing focus. 

There was growth in the corporate membership, which enabled the council to generate close to £175,000 of unrestricted income in  the financial year, contributing to the journey of financial sustainability for the council. In a testament to the relationships built a new revenue stream was presented with programmes of work transitioning to the Council. 

16 



Structure and Trustee Board 


## TRUSTEE STATEMENT OF RESPONSIBILITIES 

The Trustees are responsible for preparing the trustee’s report and financial statements in accordance with applicable law and United Kingdom  accounting practices. 

Charity law in England and Wales and the Royal Charter requires the Trustees to prepare financial statements for each financial year. 

Under charity law the Trustees must not approve the financial statements unless they are satisfied that they give a true and fair view of the situation of the charity and of the incoming resources and application of resources, including the income and expenditure for that period. 

The Trustees are responsible for keeping adequate and proper accounting records that are sufficient to show and explain the charities transactions and disclose with reasonable accuracy at any time the financial position of the charity. 

In preparing these financial statements, the Trustees are required to: 

- Select suitable accounting policies and then apply them consistently 


- Observe the methods and principles in the Charities SORP 


- Make judgements and estimates that are reasonable and prudent 


- State whether applicable UK accounting standards including FRS 102 have  been followed, subject to any material departures disclosed and explained in the financial statements; and 


- Prepare the financial statements on the going concern basis unless it is inappropriate to presume the charity will continue in operation 


- The trustees are responsible for keeping proper accounting records that disclose with reasonable accuracy at any time the financial position of the charity and enable them to ensure that the financial statements comply with the Charities Act 2011. 

The Trustees are responsible for the maintenance and integrity of the corporate and financial information included on the charitable company’s website. 

Legislation in the United Kingdom governing the preparation and dissemination of financial statements may differ from legislation in other jurisdictions. 

As well as safeguarding the assets of the charitable company and group and hence for taking reasonable steps for the prevention and detection of fraud and other irregularities. 

Approved and signed on behalf of the Trustees by 


In so far as we are aware: 


- There is no relevant audit information of which the charities auditor Dr Claudia Natanson MBE I is unaware; and 

Interim CEO and Chair of the Board of Trustees 


- The Trustees have taken all steps that they ought Date: 14 November 2024 

- to have taken to make themselves aware of any relevant audit information and to establish that the auditor is aware of that information. 

17 



## **INDEPENDENT AUDITOR’S REPORT TO THE TRUSTEES OF THE UK CYBER SECURITY COUNCIL** 

## **Opinion** 

We have audited the financial statements of The UK Cyber Security Council for the year ended 31 March 2024 which comprise the Statement of Financial Activities, the Balance Sheet, the Cash Flow Statement and notes to the financial statements, including a summary of significant accounting policies. The financial reporting framework that has been applied in their preparation is applicable law and United Kingdom Accounting Standards, including FRS 102 ‘The Financial Reporting Standard Applicable in the UK and Republic of Ireland’ (United Kingdom Generally Accepted Accounting Practice). 

In our opinion the financial statements: 

- give a true and fair view of the state of the charity’s affairs as at 31 March 2024, and of its incoming resources and application of resources, for the year then ended; 

- have been properly prepared in accordance with United Kingdom Generally Accepted Accounting Practice; and 

- have been prepared in accordance with the requirements of the Charities Act 2011. 

## **Basis for opinion** 

We conducted our audit in accordance with International Standards on Auditing (UK) (ISAs(UK)) and applicable law. Our responsibilities under those standards are further described in the Auditor’s Responsibilities for the audit of the financial statements section of our report. We are independent of the charity in accordance with the ethical requirements that are relevant to our audit of the financial statements in the UK, including the FRC’s Ethical Standard, and we have fulfilled our other ethical responsibilities in accordance with these requirements. We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our opinion. 

## **Conclusions relating to going concern** 

In auditing the financial statements, we have concluded that the trustees’ use of the going concern basis of accounting in the preparation of the financial statements is appropriate. 

Based on the work we have performed, we have not identified any material uncertainties relating to events or conditions that, individually or collectively, may cast significant doubt on the charity’s ability to continue as a going concern for a period of at least twelve months from when the financial statements are authorised for issue. 

Our responsibilities and the responsibilities of the trustees with respect to going concern are described in the relevant sections of this report. 

## **Other information** 

The other information comprises the information included in the annual report, other than the financial statements and our auditor’s report thereon. The trustees are responsible for the other information. Our opinion on the financial statements does not cover the other information and, except to the extent otherwise explicitly stated in our report, we do not express any form of assurance conclusion thereon. 

In connection with our audit of the financial statements, our responsibility is to read the other information and, in doing so, consider whether the other information is materially inconsistent with the financial statements or our knowledge obtained in the audit or otherwise appears to be materially misstated. If we identify such material inconsistencies or apparent material misstatements, we are required to determine whether there is a material misstatement in the financial statements or a material misstatement of the other information. If, based on the work we have performed, we conclude that there is a material misstatement of this other information, we are required to report that fact. 

We have nothing to report in this regard. 

18 



## **Matters on which we are required to report by exception** 

We have nothing to report in respect of the following matters where the Charities Act 2011 requires us to report to you if, in our opinion: 

- the information given in the Trustees’ Annual Report is inconsistent in any material respect with the financial statements; or 

- the charity has not kept adequate accounting records; or 

- the financial statements are not in agreement with the accounting records and returns; or 

- we have not received all the information and explanations we required for our audit. 

## **Other matters** 

The corresponding figures in the financial statements of The UK Cyber Security Council were not audited as the charity did not require a statutory audit under the Charities Act 2011. 

## **Responsibilities of trustees** 

As explained more fully in the trustees’ responsibilities statement set out on page 17, the trustees are responsible for the preparation of the financial statements and for being satisfied that they give a true and fair view, and for such internal control as the trustees determine is necessary to enable the preparation of financial statements that are free from material misstatement, whether due to fraud or error. 

In preparing the financial statements, the trustees are responsible for assessing the charity’s ability to continue as a going concern, disclosing, as applicable, matters related to going concern and using the going concern basis of accounting unless the trustees either intend to liquidate the charity or to cease operations, or have no realistic alternative but to do so. 

## **Auditor’s responsibilities for the audit of the financial statements** 

We have been appointed as auditor under section 144 of the Charities Act 2011 and report in accordance with regulations made under section 154 of that Act. 

Our objectives are to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error, and to issue an auditor’s report that includes our opinion. Reasonable assurance is a high level of assurance, but is not a guarantee that an audit conducted in accordance with ISAs (UK) will always detect a material misstatement when it exists. Misstatements can arise from fraud or error and are considered material if, individually or in aggregate, they could reasonably be expected to influence the economic decisions of users taken on the basis of these financial statements. 

As part of an audit in accordance with ISAs (UK) we exercise professional judgement and maintain professional scepticism throughout the audit. We also: 

- Identify and assess the risks of material misstatement of the financial statements, whether due to fraud or error, design and perform audit procedures responsive to those risks, and obtain audit evidence that is sufficient and appropriate to provide a basis for our opinion. The risk of not detecting a material misstatement resulting from fraud is higher than for one resulting from error, as fraud may involve collusion, forgery, intentional omissions, misrepresentations, or the override of internal control. 

- Obtain an understanding of internal control relevant to the audit in order to design audit procedures that are appropriate in the circumstances, but not for the purposes of expressing an opinion on the effectiveness of the charity’s internal control. 

- Evaluate the appropriateness of accounting policies used and the reasonableness of accounting estimates and related disclosures made by the trustees. 

19 



- Conclude on the appropriateness of the trustees’ use of the going concern basis of accounting and, based on the audit evidence obtained, whether a material uncertainty exists related to events or conditions that may cast significant doubt on the charity’s ability to continue as a going concern. If we conclude that a material uncertainty exists, we are required to draw attention in our auditor’s report to the related disclosures in the financial statements or, if such disclosures are inadequate, to modify our opinion. Our conclusions are based on the audit evidence obtained up to the date of our auditor’s report. However, future events or conditions may cause the charity to cease to continue as a going concern. 

- Evaluate the overall presentation, structure and content of the financial statements, including the disclosures, and whether the financial statements represent the underlying transactions and events in a manner that achieves fair presentation. 

We communicate with those charged with governance regarding, among other matters, the planned scope and timing of the audit and significant audit findings, including any significant deficiencies in internal control that we identify during our audit. 

## **Explanation as to what extent the audit was considered capable of detecting irregularities, including fraud** 

Irregularities, including fraud, are instances of non-compliance with laws and regulations. We design procedures in line with our responsibilities, outlined above, to detect material misstatements in respect of irregularities, including fraud. The extent to which our procedures are capable of detecting irregularities, including fraud is detailed below. 

The objectives of our audit in respect of fraud, are; to identify and assess the risks of material misstatement of the financial statements due to fraud; to obtain sufficient appropriate audit evidence regarding the assessed risks of material misstatement due to fraud, through designing and implementing appropriate responses to those assessed risks; and to respond appropriately to instances of fraud or suspected fraud identified during the audit. However, the primary responsibility for the prevention and detection of fraud rests with both management and those charged with governance of the charity. 

Our approach was as follows: 

- We obtained an understanding of the legal and regulatory requirements applicable to the charity and considered that the most significant are the Charities Act 2011, the Charity SORP, and UK financial reporting standards as issued by the Financial Reporting Council. 

- We obtained an understanding of how the charity complies with these requirements by discussions with management and those charged with governance. 

- We assessed the risk of material misstatement of the financial statements, including the risk of material misstatement due to fraud and how it might occur, by holding discussions with management and those charged with governance. 

- We inquired of management and those charged with governance as to any known instances of non-compliance or suspected non-compliance with laws and regulations. 

- Based on this understanding, we designed specific appropriate audit procedures to identify instances of non-compliance with laws and regulations. This included making enquiries of management and those charged with governance and obtaining additional corroborative evidence as required. 

There are inherent limitations in the audit procedures described above. We are less likely to become aware of instances of non-compliance with laws and regulations that are not closely related to events and transactions reflected in the financial statements. Also, the risk of not detecting a material misstatement due to fraud is higher than the risk of not detecting one resulting from error, as fraud may involve deliberate concealment by, for example, forgery or intentional misrepresentations, or through collusion. 

20 



## **Use of our report** 

This report is made solely to the charity's trustees, as a body, in accordance with Chapter 3 of Part 8 of the Charities Act 2011. Our audit work has been undertaken so that we might state to the charity’s trustees those matters we are required to state to them in an auditor’s report and for no other purpose. To the fullest extent permitted by law, we do not accept or assume responsibility to any party other than the charity and charity's trustees as a body, for our audit work, for this report, or for the opinion we have formed. 


Moore Kingston Smith LLP Statutory auditor 

9 Appold Street London EC2A 2AP 

Date: 14/11/2024 

Moore Kingston Smith LLP is eligible to act as auditor in terms of Section 1212 of the Companies Act 2006. 

21 



The UK Cyber Security Council 

Statement of Financial Activities (incorporating an Income and Expenditure Account) 

For the year ended 31 March 2024 

|For theyear ended 31 March 2024||||
|---|---|---|---|
|Unrestricted<br>Note<br>£<br>Income from:<br>2<br>233,733<br>3<br>5,337<br>89,358<br>328,428<br>-<br>-<br>32,084<br>-<br>4<br>32,084<br>5<br>296,344<br>-<br>296,344<br>Reconciliation of funds:<br>-<br>16<br>296,344<br>Total funds brought forward<br>Net income for the year<br>Total funds carried forward<br>Transfers between funds<br>Net movement in funds<br>Raising funds<br>Charitable activities<br>Membership & Events<br>Careers & Qualifications<br>Professional Standards<br>Total expenditure<br>Total income<br>Expenditure on:<br>Earned income<br>Membership & Events<br>Donations and legacies<br>Charitable activities|Restricted<br>£<br>1,655,421<br>-<br>-<br>1,655,421<br>56,063<br>293,486<br>905,558<br>235,465<br>1,490,572<br>164,849<br>-<br>164,849<br>-<br>164,849|2024<br>Total<br>£<br>1,889,154<br>5,337<br>89,358<br>1,983,849<br>56,063<br>293,486<br>937,642<br>235,465<br>1,522,656<br>461,193<br>-<br>461,193<br>-<br>461,193|2023<br>Total<br>£<br>-<br>-<br>-|
||||-|
||||-<br>-<br>-<br>-|
||||-|
||||-<br>-|
||||-<br>-|
||||-|



All of the above results are derived from continuing activities. There were no other recognised gains or losses other than those stated above. Movements in funds are disclosed in Note 15 to the financial statements. 

The notes on pages 25 to 33 form part of these financial statements 

22 



The UK Cyber Security Council 

## Balance Sheet 

## As at 31 March 2024 

|As at 31 March 2024|As at 31 March 2024||||
|---|---|---|---|---|
|Note<br>£<br>Fixed assets:<br>10<br>11<br>12<br>Current assets:<br>13<br>393,986<br>212,819<br>606,805<br>Liabilities:<br>14<br>225,976<br>15<br>16<br>296,344<br>Total unrestricted funds<br>Debtors<br>Restricted income funds<br>Unrestricted income funds:<br>The funds of the charity:<br>Creditors: amounts falling due within one year<br>Net current assets<br>Total net assets<br>Investments<br>Cash at bank and in hand<br>Tangible assets<br>Intangible assets<br>General funds<br>Total charity funds||2024<br>£<br>60,053<br>20,211<br>100|£<br>-<br>-|2023<br>£<br>-<br>-<br>-|
|||80,364<br>380,829||-<br>-|
||606,805<br>225,976||-<br>-||
||296,344||-||
|||461,193||-|
|||164,849<br>296,344||-<br>-|
||||||
|||461,193||-|



Approved by the trustees on 14 November 2024 and signed on their behalf by 

- Trustee 

Dr Claudia Natanson 

The notes on pages 25 to 33 form part of these financial statements 

23 



The UK Cyber Security Council 

Statement of cash flows 

## For the year ended 31 March 2024 

|For the year ended 31 March 2024||||
|---|---|---|---|
|Note<br>Net income / (expenditure) for the reporting period<br>Depreciation and amortisation charges<br>(Increase)/decrease in debtors<br>Increase/(decrease) in creditors<br>Net cash from/(used in) operating activities<br>Analysis of cash and cash equivalents<br>Cash in hand and at bank<br>Total cash and cash equivalents<br>Analysis of changes in net debt<br>Cash in hand and at bank<br>Acquisition of tangible fixed assets as a result of transfer<br>Cash flows from investing activities:<br>Acquisition of intangible fixed assets as a result of transfer<br>Cash and cash equivalents at the beginning of the year<br>Cash and cash equivalents at the end of the year<br>Change in cash and cash equivalents in the year<br>Purchase of investments in subsidiary<br>Net cash provided by / (used in) investing activities|£<br>(80,963)<br>(31,057)<br>(100)|£<br>461,193<br>31,756<br>(393,986)<br>225,976<br>324,939<br>(112,120)<br>212,819<br>-<br>212,819<br>At 31 March<br>2024<br>£<br>212,819<br>212,819<br>Cashflows<br>£<br>212,819<br>2024|2023<br>£<br>-<br>-<br>-<br>-|
||||-<br>-<br>-<br>-|
||At Start<br>of year<br>£<br>-|||
||||-<br>-|
||||-|
||||At 31<br>March 2023<br>£<br>-|
||||-|
||||At end of<br>year<br>£<br>212,819|



24 



The UK Cyber Security Council 

Notes to the financial statements 

## For the year ended 31 March 2024 

- 1 Accounting policies 

- a) Company information 

The UK Cyber Security Council is a charity registered in England with registration number RC000924. Its registered office address is 5th Floor, One London Wall, London, EC2Y 5BD. 

## b) Basis of preparation 

The financial statements have been prepared in accordance with Accounting and Reporting by Charities: Statement of Recommended Practice applicable to charities preparing their accounts in accordance with the Financial Reporting Standard applicable in the UK and Republic of Ireland (FRS 102) (effective 1 January 2015) - (Charities SORP FRS 102), the Financial Reporting Standard applicable in the UK and Republic of Ireland (FRS 102) and Update Bulletin 2, and the Charities Act 2011. 

The charity has taken advantage of the exemptions under section 9.3 of FRS 102 not to prepare consolidated accounts, on the basis that the group of which this is the parent qualifies as a small group and the subsidiaries inclusion is not material for the puporses of giving a true and fair view in the context of the group. 

The accounts are presented in GBP rounded to £1, which is the functional currency of the charity. Assets and liabilities are initially recognised at historical cost or transaction value unless otherwise stated in the relevant accounting policy or note. The functional currency is Sterling Pound (GBP). 

## Basis of Consolidation 

The company has taken advantage of the exemptions provided by section 405 of the Companies Act 2006 not to include UK Cyber Security Services Limited as it is not material to the group. The company has not prepared group financial statements as the subsidiary undertakings are considered to be not material to the group. Therefore the financial statements present information about the individual charity and not the group. 

## c) Public benefit entity 

The charitable company meets the definition of a public benefit entity under FRS 102. 

## d) Going concern 

The trade and operations of the charitable company were transfered to UK Cyber Security Council started trading as a Royal Charter charity from 1 April 2023. All the assets and liablities were transfered at their value at the date of the transfer. The financial statements have been prepared on a going concern basis. The trustees assess whether the use of going concern is appropriate i.e. whether there are any material uncertainties related to events or conditions that may cast significant doubt on the ability of the charity to continue as a going concern. The trustees make this assessment in respect of a period of one year from the date of approval of the financial statements. 

Annual budgets are updated regularly taking this into account with prudent figures for both income and expenditure. The charity holds significant reserves and has liquid assets in the form of cash held in short term deposits. 

For this reason the trustees continue to adopt the going concern basis in preparing the financial statements. 

## e) Income 

Income, including from Government and other grants, whether 'capital' or 'income', is recognised when the charity has entitlement to the funds, any performance conditions attached to the income have been met, it is probable that the income will be received and that the amount can be measured reliably. 

Membership income is generally for a period of tweleve months. Membership income relating to future financial years is deferred. 

25 



The UK Cyber Security Council 

Notes to the financial statements 

## For the year ended 31 March 2024 

- f) Fund accounting 

   - Restricted funds are to be used for specific purposes as laid down by the donor.  Expenditure which meets these criteria is charged to the fund. 

Unrestricted funds are donations and other incoming resources received or generated for the charitable purposes. 

Designated funds are unrestricted funds earmarked by the trustees for particular purposes. 

- g) Expenditure and irrecoverable VAT 

Expenditure is recognised once there is a legal or constructive obligation to make a payment to a third party, it is probable that settlement will be required and the amount of the obligation can be measured reliably. Expenditure is classified under the following activity headings: 

- Costs of raising funds relate to the costs incurred by the charitable company in inducing third parties to make voluntary contributions to it, as well as the cost of any activities with a fundraising purpose. 

- Expenditure on charitable activities includes the costs of offering fellowships and delivering related services undertaken to further the purposes of the charity and their associated support costs. 

- Other expenditure represents those items not falling into any other heading. 

Irrecoverable VAT is not charged as a cost against the activity for which the expenditure was incurred but identified separately as a cost itself. 

## h) Allocation of support costs 

Resources expended are allocated to the particular activity where the cost relates directly to that activity. However, the cost of overall direction and administration of each activity (support costs), comprising the salary and overhead costs of the central function, is apportioned on the following basis which are an estimate, based on staff time, of the amount attributable to each activity. 

Where such information about the aims, objectives and projects of the charity is also provided to potential donors, activity costs are apportioned between fundraising and charitable activities on the basis of area of literature occupied by each activity. 

||Cost of raising funds|4.52%|
|---|---|---|
||Membership & Events|20.86%|
||Professional Standards|56.79%|
||Careers & Qualifications|17.83%|



Where information about the aims, objectives and projects of the charity is provided to potential beneficiaries, the costs associated with this publicity are allocated to charitable expenditure. 

## i) Intangible fixed assets 

Intangible fixed assets comprise of databases and website development. The estimated useful life is estimated to be between 3 and 5 years. 

## j) Tangible fixed assets 

Items of equipment are capitalised where the purchase price exceeds £500. Depreciation costs are allocated to activities on the basis of the use of the related assets in those activities. Assets are reviewed for impairment if circumstances indicate their carrying value may exceed their net realisable value and value in use. 

Depreciation is provided at rates calculated to write down the cost of each asset to its estimated residual value over its expected useful life. The depreciation rates in use are as follows: 

 IT and phone equipment 

3 years 

26 



The UK Cyber Security Council 

Notes to the financial statements 

## For the year ended 31 March 2024 

- k) Financial Instruments 

The charity only has financial assets and financial liabilities of a kind that qualify as basic financial instruments. Basic financial instruments are initially recognised at transaction value and subsequently measured at their settlement value. 

## Financial assets 

Trade and other debtors are recognised at the settlement amount due after any trade discount offered. Prepayments are valued at the amount prepaid net of any trade discounts due. 

## Financial Liabilities 

Creditors and provisions are recognised where the charity has a present obligation resulting from a past event that will probably result in the transfer of funds to a third party and the amount due to settle the obligation can be measured or estimated reliably. Creditors and provisions are normally recognised at their settlement amount after allowing for any trade discounts due. 

## l) Cash at bank and in hand 

Cash at bank and cash in hand includes cash and short term highly liquid investments with a short maturity of three months or less from the date of acquisition or opening of the deposit or similar account.  Cash balances exclude any funds held on behalf of service users. 

## m) Pensions 

The charity contributes towards the employees' personal pension schemes. The cost of the contribution is charged to the statement of financial activities on an accruals basis. 

## m) Significant accounting policies 

In the application of the company’s accounting policies, the charity is required to make judgements, estimates and assumptions about the carrying amount of assets and liabilities that are not readily apparent from other sources. The estimates and associated assumptions are based on historical experience and other factors that are considered to be relevant. Actual results may differ from these estimates. 

The estimates and underlying assumptions are reviewed on an on-going basis. Revisions to accounting estimates are recognised in the period in which the estimate is revised, if the revision affects only that period, or in the period of the revision and future periods if the revision affects both current and future periods. 

There are no estimates and assumptions that are considered to have a significant risk of causing a material adjustment to the financial statements in a future period. 

27 



The UK Cyber Security Council 

## Notes to the financial statements 

## For the year ended 31 March 2024 

## 2 Income from donations 

|Income from donations|||||
|---|---|---|---|---|
|Grant from Department of Science, Innovation and<br>Technology<br>Transfer of net assets|Unrestricted<br>£<br>-<br>233,733<br>233,733|£<br>1,614,592<br>40,829<br>1,655,421<br>Restricted|2024 total<br>Total<br>£<br>1,614,592<br>274,562<br>1,889,154|2023<br>Total<br>£<br>-<br>-|
|||||-|



Transfer of net assets refers to the transfer of all the net assets of UK Cyber Security Council, charitable company as at 31 March 2023 preceding the registration of UK Cyber Security Council with Royal Charter status which started trading on 1 April 2023. 

## 3 Income from charitable activities 

|Income from charitable activities|||||
|---|---|---|---|---|
|Total income from charitable activities<br>Membership & Events<br>Earned income|Unrestricted<br>£<br>5,337<br>89,358<br>94,695|£<br>-<br>-<br>-<br>Restricted|2024<br>Total<br>£<br>5,337<br>89,358<br>94,695|2023<br>Total<br>£<br>-<br>-|
|||||-|



28 



The UK Cyber Security Council 

Notes to the financial statements 

## For the year ended 31 March 2024 

4 Analysis of expenditure 

|Staff costs (Note 6)<br>Staff expenses<br>Staff recruitment<br>Computer and IT support<br>Contractors<br>Design and communication<br>Events Attendance & Conferences<br>General office costs<br>Legal and professional fees<br>Office rent and insurance<br>Technical service<br>Website and web services<br>Audit<br>Unrecoverable VAT<br>Support costs<br>Total expenditure 2024<br>Total expenditure 2023|Cost of<br>raising<br>funds<br>£<br>18,831<br>-<br>-<br>-<br>-<br>-<br>-<br>-<br>-<br>-<br>-<br>-<br>-<br>-|Membership<br>& Events<br>£<br>86,859<br>4,167<br>-<br>-<br>-<br>-<br>29,890<br>839<br>-<br>-<br>-<br>-<br>-<br>-|Professional<br>Standards<br>£<br>236,468<br>8,122<br>-<br>-<br>223,755<br>-<br>-<br>1,769<br>-<br>-<br>-<br>-<br>-<br>-|74,227<br>3,256<br>10,560<br>-<br>666<br>Careers &<br>Qualifications|Support<br>costs<br>£<br>321,166<br>43,970<br>10,000<br>16,093<br>45,676<br>14,832<br>522<br>64,489<br>26,508<br>22,055<br>5,725<br>103,496<br>22,373<br>126,342|2024 Total<br>£<br>737,551<br>59,515<br>10,000<br>16,093<br>279,991<br>14,832<br>30,412<br>67,763<br>26,508<br>22,055<br>5,725<br>103,496<br>22,373<br>126,342|2023<br>Total<br>£<br>-<br>-<br>-<br>-<br>-<br>-<br>-<br>-<br>-<br>-<br>-<br>-<br>-<br>-|
|---|---|---|---|---|---|---|---|
||18,831<br>37,232|121,755<br>171,731|470,114<br>467,528|88,709<br>146,756|823,247<br>(823,247)|1,522,656|-<br>-|
||56,063|293,486|937,642|235,465|-|1,522,656|-|
||-|-|-||-|-||



Of the total expenditure, £32,084 was unrestricted and £1,490,572 was restricted. 

29 



The UK Cyber Security Council 

Notes to the financial statements 

## For the year ended 31 March 2024 

- 5 Net income for the year 

This is stated after charging / crediting: 

|This is stated after charging / crediting:|||
|---|---|---|
||2024|2023|
||£|£|
|Depreciation|10,846|-|
|Auditors' remuneration (excluding VAT):|||
|Audit (current year)|19,200|-|
|Audit (previous year under accrual)|3,172|-|



Analysis of staff costs, trustee remuneration and expenses, and the cost of key management 6 personnel 

Staff costs were as follows: 

|Staff costs were as follows:|||
|---|---|---|
|Employer’s contribution to defined contribution pension schemes<br>Salaries and wages<br>Social security costs|2024<br>£<br>658,152<br>67,783<br>11,616|2023<br>£<br>-<br>-<br>-|
||737,551|-|



The following number of employees received employee benefits (excluding employer pension costs) during the year in bandings of costs greater than £60,000: 

||2024|2023|
|---|---|---|
||No.|No.|
|£60,000 - £69,999|2|-|
|£110,000 - £119,999|1|-|



The total employee benefits including pension contributions of the key management personnel, made up of the  Chief Executive Officer, Director of Standards, Director of Finance and Operations, Chief Operating Officer, EA and Head of Governance were £392,090. 

The charity trustees were not paid or received any other benefits from employment with the charity in the year.  No charity trustee received payment for professional or other services supplied to the charity. 

## 7 Staff numbers 

The average number of employees (head count based on number of staff employed) during the year was as follows: 

|as follows:|||
|---|---|---|
|Cost of raising funds<br>Professional Standards<br>Governance and support<br>Membership & Events<br>Careers & Qualifications|2024<br>No.<br>0.4<br>1.8<br>4.8<br>1.5<br>6.5|2023<br>No.<br>4.3<br>2.9<br>5.7<br>-<br>4.9|
||15.0|17.8|



30 



The UK Cyber Security Council 

Notes to the financial statements 

## For the year ended 31 March 2024 

## 8 Related party transactions 

One trustee was reimbursed £222 for travel expenses during the year. There are no related party transactions to disclose for 2024. 

## 9 Subsidiary undertaking 

The charity has a wholly owned subsidiary, UK Cyber Security Services Limited, company number 14552920, registered in England and Wales. It's registered office address is 5th Floor, One London Wall, London 5th Floor, One London Wall, London, United Kingdom, EC2Y 5BD. 

The principal activty of the company is to manage the membership services on behalf of the charity. 

|Membership income<br>Cost of sales<br>Gross profit<br>Administrative expenses<br>Profit for the year<br>The assets and liabilities were:<br>Current assets<br>Current liabilities<br>10<br>Intangible fixed assets<br>Cost<br>At the start of the year<br>Additions in year<br>At the end of the year<br>Depreciation<br>At the start of the year<br>Charge for the year<br>At the end of the year<br>Net book value<br>At the end of the year|£<br>167,945<br>-<br>15 months<br>ending 31<br>December<br>2024|Total<br>£<br>-<br>80,963|
|---|---|---|
||167,945||
||(4721)||
||163,224||
||182,268<br>(19,044)||
||163,224||
||Database<br>and website<br>£<br>-<br>80,963||
||80,963|80,963|
||-<br>20,910|-<br>20,910|
||20,910|20,910|
||60,053|60,053|



All of the above assets are used for charitable purposes. 

31 



The UK Cyber Security Council 

Notes to the financial statements 

## For the year ended 31 March 2024 

|For the year ended 31 March 2024||||
|---|---|---|---|
|11<br>All of the above assets are used for charitable purposes.<br>12<br>13<br>14<br>Owed to trading subsidiary<br>15<br>Additions in year<br>At the end of the year<br>Accruals<br>Investments<br>Debtors<br>100 ordinary shares in UK Cyber Security Services<br>At the end of the year<br>At the end of the year<br>At the start of the year<br>Charge for the year<br>At the start of the year<br>Cost<br>Depreciation<br>Net book value<br>Tangible fixed assets<br>Trade debtors<br>Creditors: amounts falling due within one year<br>Investments<br>Net current assets<br>Net assets at the end of the year<br>Tangible fixed assets<br>Analysis of net assets between funds<br>Prepayments and accrued income<br>Trade creditors<br>Taxation and social security<br>Other creditors<br>Other debtors<br>Intangible fixed assets|£<br>60,053<br>20,211<br>100<br>215,980<br>General<br>unrestricted|IT & phone<br>equipment<br>£<br>-<br>31,057|Total<br>£<br>-<br>31,057|
|||31,057|31,057|
|||-<br>10,846|-<br>10,846|
|||10,846|10,846|
|||20,211|20,211|
|||2024<br>£<br>100|2023<br>£<br>-|
|||2024<br>£<br>36,874<br>1,650<br>355,462|2023<br>£<br>-<br>-<br>-|
|||393,986|-|
|||2024<br>£<br>131,835<br>20,876<br>2,145<br>100<br>71,020|2023<br>£<br>-<br>-<br>-<br>-|
|||225,976|-|
|||Restricted<br>£<br>-<br>-<br>-<br>164,849|Total funds<br>2024<br>£<br>60,053<br>20,211<br>100<br>380,829|
||296,344|164,849|461,193|



32 



The UK Cyber Security Council 

## Notes to the financial statements 

## For the year ended 31 March 2024 

## 16 Movements in funds 

|e year ended 31 March 2024<br>Movements in funds||||||
|---|---|---|---|---|---|
|Total restricted funds<br>General funds<br>Total funds<br>Total unrestricted funds<br>Restricted funds:<br>Unrestricted funds:<br>Grant from DSIT|At 1 April<br>2023<br>£<br>-|Incoming<br>resources &<br>gains<br>£<br>1,655,421|Outgoing<br>resources &<br>losses<br>£<br>(1,490,572)|Transfers<br>£<br>-|At 31 March<br>2024<br>£<br>164,849|
||-|1,655,421|(1,490,572)|-|164,849|
||-|328,428|(32,084)|-|296,344|
||-|328,428|(32,084)|-|296,344|
||-|1,983,849|(1,522,656)|-|461,193|



## Purposes of restricted funds 

The grant from the Department of Science, Innovation and Technology is used to cover costs of setting the standard and developing and delivering specialisms for the Cyber Security Profession. 

## 17 Capital commitments 

There were no capital commitments not provided for in the financial statements. 

## 18 Taxation 

The charity is exempt from corporation tax to the extent that all its income is charitable and is applied for charitable purposes. 

33