TRUSTEE REPORT

AND FINANCIAL STATEMENTS FOR THE YEAR ENDED 31 MARCH 2025

Royal Charter Number: RC000924 Charity Number: 1198846

1

CONTENTS

2

FOREWORD

Connecting, championing and chartering the UK's cyber security profession.

In a year when there has been an even greater spotlight on cyber security in the wake of a number of high profile cyber-attacks resulting in significant financial and reputational damage and a loss of public trust and confidence in the security of their data, the Council has continued in its efforts to grow the Register and promote the benefits of holding a professional title as part of the UK’s Cyber Security Strategy.

Through our work to set the standards for competence and ethics, award professional titles and to support access into and progression within a career in cyber, we’re on a mission to grow and empower the UK’s cyber security workforce. We continue to work closely with Government, the National Cyber Security Centre and regulators to highlight the importance of professional registration as a kitemark of high standards and ethics.

In 2024 we completed the launch of six specialist titles: Governance and Risk Management, Security Architecture & Design, Audit & Assurance, Incident Response, Security Testing, Security Operations and began development of a further two: Secure System Development and Cyber Security Management. We approved applications from an additional 386 individuals on to the Register of Cyber Professionals. This is an increase of 67% (231) on the previous year.

We have invested in our IT infrastructure and have grown our team of staff to an average of 12.7 employees during the year, allowing us to develop the capability to assess applications for Associate registration which will launch in 2025, widening access to early career professionals.

Working with our four Licensed Bodies (CiiSEC, CREST, The Cyber Scheme and ISC2) and our Technical Advisory Panel we piloted new assessment approaches for our Chartered, Principal and Practitioner titles and have strengthened our quality assurance of their routes to registration.

For those considering a cyber career, through our Youth Advisory Panel, we have continued to offer access to careers advice, mentoring and role models. During 2024/5 our team attended 13 events, exhibited at 7, and provided speakers for 15 panels and conferences. In addition, they hosted 26 webinars and participated in 8 virtual online events.

The DSIT Professional Title fund has enabled 110 individuals to gain financial support for their professional registration.

NCSC sponsorship has enabled a further 196 individuals to gain funding to support their professional registration.

It remains our ambition that all cyber professionals be required to hold professional registration and that the Register of Cyber Professionals be the means by which organisations delivering or procuring cyber security services satisfy themselves that those individuals engaged in cyber security work meet the highest standards of professional behaviour and technical competence.

We will continue to work with Government to seek opportunity for legislation to align professional registration with efforts to increase cyber resilience and support growth in the UK economy.

3

PURPOSE AND PUBLIC BENEFIT

The purpose of the UK Cyber Security Council is to set and oversee the standards for the Cyber Security profession, act as the voice of the cyber security profession and help ensure that the UK is the safest place to live and work online, as set out in the original National Cyber Security Strategy (2016-2021).

The Council’s strategic objectives set by the board in early 2025 are:

Council registration is seen as the marker of quality and trust.

All cyber security professionals are Council-registered.

The profession (both individually and collectively) feels understood and is supported by its Council. Individuals at any stage of their career can see their path into and progression within the profession.

Organisations know how to create a cyber security-first environment in which professionals can thrive and deliver highly effective cyber resilience.

The Council is a financially selfsustaining, independent organisation.

Professional Standards – setting the standards for practitioners across the sector remains a key priority for the Council. By bringing together professionals working within the cyber security sector with Industry, Government and Academia, we will establish a professional community based on a commitment to uphold high standards of technical competence and ethics and a career framework that supports professional progression within the sector.

We will work in collaboration with the wider industry to tackle issues such as closing the skills gap and make sure that we see a more representative workforce.

PUBLIC BENEFIT

One of our key values is inclusion. This means everyone. We embrace diversity of all kinds and the rich knowledge this empowers us with. We break down barriers, promote fairness and champion the need for and the benefits of inclusion.

We will benefit the public through our work to demystify and simplify career paths within cyber which will have a tangible impact on the provision of cyber security services through the reduction of the skills gap in the sector.

We will ensure that those in the profession are working to a defined professional standard and uphold behaviours required by the Code of Ethics. Through partnerships we will ensure that

anyone wanting to start a career in, or progress within, cyber security can.

This not only benefits individuals but also employers, businesses and the wider community, creating a world where the whole of society is safe and secure in cyber space.

4

YEAR IN REVIEW: ACHIEVEMENTS

Professionalisation:

• The Council restructured its Careers & Qualifications and Professional Standards teams to form an overarching Professionalisation team. This has enabled a

• better use of resources focused on delivery of key work steams, improving end to end processes that support professional registration.

• Fully launched 6 specialisms; Governance and Risk Management, Security Architecture & Design, Audit & Assurance, Incident Response, Security Testing, Security Operations.

• We have overseen assessment delivery by four Licensed Bodies operating over the last year – CIISec, ICS2, CREST and The Cyber Scheme.

• Pilots for the 2 remaining planned specialisms; Secure System Development and Cyber Security Management were initiated.

• Continued success of the Youth Advisory Panel (YAP) and the launch of the next set of recruits.

• Created a Mapping process evaluating several qualifications, certifications and schemes against the UKCSC professional standards – this was across specialisms and professional titles with the first certifications now live.

• Created of a new initiative called the Cyber Access Network (CAN) to create engagement with the next generation of cyber professionals and build a pipeline to the Associate title.

• We collaborated with UKC3 which saw us gain additional DSIT funding to support brand creation and launch of the Cyber Access Network (CAN) – 462

• members joined before end of March 2025 with total membership now currently at over 700. We are working with UKC3 to develop a long-term strategic partnership.

• Operational Technologies (OT) specialism is in working group phase, being led by the community to understand if this will need to form a new specialism or sit across existing specialisms.

• Government committed to providing funding for internal cyber professionals to become professionally registered, with funding secured for the new FY.

• Associate pilot has been launched and is near to completion, testing the Council’s approach to direct delivery of assessments. Over 200 individuals have

• expressed an interest for the Associate title via this pilot, over 100 have already applied, with 110 expected to have joined the register by the end of the

5

pilot. This is a significant development for the Council, as it requires a change in our operational model and enables us to have complete ownership over the

entry level pipeline.

Relationships with UK regulators continue to develop and opportunities for strategic and policy alignment continue to be explored.

Operations:

• Corporate Membership delivered for the first year and exceeded targets by nearly 50%, renewals were strong and new EOIs continue to come through.

• Staff retention was at the highest level since formation of the Council.

• The staff survey carried out within the year was more positive in all areas than the previous survey, 64% being the starkest contrast. Staff felt previous areas

of concern had been listened to and addressed.

• Recruitment of an additional pool of volunteers to support our Technical Advisory Panel, working groups and moderation assessors.

• Website re-fresh commenced and due to complete Summer 2025.

New re-brand for the Council completed supported by revised marketing strategy.

• Council Showcase event “Journey to Professionalisation” well attended and positive feedback received.

New 3-year grant funding agreement with DSIT confirmed.

• Growing social media presence and following.

Regular and well attended events programme which align with Council purpose.

6

REFERENCE & ADMINISTRATION

7

RESERVES POLICY & RISK MANAGEMENT

RESERVES POLICY:

RISK MANAGEMENT:

The Trustees treat the unrestricted reserves as available for activities which forward the Charity’s objectives and for funding the requirements for staff support and governance.

The UK Cyber Security Council Trustees have considered the major risks to which the charity is exposed and have reviewed those risks and established policies, systems and procedures to manage them accordingly.

Free reserves are the part of the Council’s unrestricted funds that are freely available to spend on any of its charitable purposes.

The Council may maintain free unrestricted reserves for the following reasons:

To provide a level of working capital that protects the continuity;

To provide a level of funding for unexpected opportunities; and

To provide cover for risks such as unforeseen expenditure or

unanticipated loss of income

The Trustees have reviewed the above criteria with reference to the Council’s strategy and Annual Plan and determined a target level of free reserves to meet these.

They may at times designate funds from free reserves for significant project costs or replacement of major assets.

The risk register is updated at least quarterly but is regularly reviewed within the operational team to ensure key changes are reflected in the risk log and appropriate plans to mitigate are put in place.

The principal risks are:

Achieving financial sustainability to address the year-on-year reduction in DSIT grant funding

• Agreeing revised Licensed Body contracts to ensure sufficient assessment provision to meet growth in registrant pipeline

• Maintaining an operating model that can deliver the councils duties and responsibilities as a Chartered Body and meet its strategic objectives within the constraints of current revenue streams.

8

GOING CONCERN:

In preparing these financial statements, the trustees have assessed the Council’s ability to continue as a going concern. Cash flow forecasts have been prepared to 31 March 2027 which indicate that, taking account of existing unrestricted reserves, the Council is able to meet its liabilities as they fall due for at least 12 months from the date of approval of the accounts.

Accordingly, the trustees consider it appropriate to prepare the financial statements for the year ended 31 March 2025 on a going concern basis.

While the trustees have concluded that the going concern basis of accounting remains appropriate, a material uncertainty exists in relation to the achievement of forecast growth in commercial income. Should this growth not be realised, the Council may face challenges to its ability to continue as a going concern beyond the 12 month assessment period and would need to implement mitigating actions, which would include seeking additional funding support or effecting cost saving measures.

9

GOVERNANCE STRUCTURE

Our Board of Trustees has a broad range of backgrounds, skills, knowledge and experience spanning; academia, professional services, legal, cyber security, finance, risk management, business risk, governance, Government affairs, policy and furthering diversity, equality and inclusion.

The Council considers each of the Trustees independent in character and judgement. Declarations of interest are acquired from new Trustees and updated by all Trustees annually. No remuneration is provided other than reasonable travel and subsistence costs. Trustees regularly review the progress of the charity and its funding and work in conjunction with the executive team and stakeholder bodies to set the strategic priorities for the organisation.

Remuneration

The Remuneration Committee has responsibility for approving the remuneration of the Chief Executive and reviews the pay scales applied to the Leadership Team.

Auditors

The Board of Trustees approved the appointment of Moore Kingston Smith as the Auditors on 23/03/2022.

The Council are governed by our Articles of Association (as a Charity Body).

There are a maximum of 12 Trustee positions, 8 by general appointment and 4 appointed by election by the membership. There are currently 6 Trustees on the board – 5 from general appointment and 1 appointed by the membership.

The Trustees are also responsible for the appointment of the Chief Executive, to which they delegate the day-to-day running of the Charity.

The Board has 4 sub-committees:

The Programme Board providing oversight of the Council’s Professionalisation directorate activity including standards development and career route mapping, ensuring the process for awarding professional titles and registration is fit for purpose and in line with the Charter requirements and strategic priorities of the organisation.

The Finance and Audit Board is responsible for reviewing the risks, controls and financial management of the organisation.

The Remuneration Committee provides a forum, independent of the Council’s other governance bodies, for the review and approval of the remuneration of the Chief Executive, the Leadership Team and any ex-gratia payments.

The Governance and Nominations SubCommittee ensures the Council’s governance is fit for purpose, complies with Charity Commission requirements and that it is populated by suitably diverse and skilled individuals in line with strategy and representation.

10

ORGANISATION STRUCTURE & MANAGEMENT

As a small organisation, it is important that the operational and management structure of the organisation is fit for purpose to deliver on the Council’s mission and objectives.

As such, the Leadership Team are responsible for balancing day to day operational delivery requirements with additional demands on resources arising from projects, business objectives or environmental factors. Risk action plans are used to monitor effectiveness of mitigation measures and support prioritisation of resources.

This, along with the development and implementation of new systems and processes, helps staff to be more effective and efficient.

Our updated structure is made up of 3 directorates:

The Professionalisation Directorate

Led by the Head of Professionalisation and supported by the COO, this directorate is focussed on developing the professional standards based upon our identified cyber specialisms and the accreditation and quality assurance of routes to registration and mapped certifications.

The Finance & Operations Directorate

Led by the Director of Finance & Operations, this directorate is focussed on managing business support functions including the organisation’s finance, IT, marketing, membership and events teams.

The Chief Executive’s Office

Led by the CEO and supported by the COO, this directorate is focussed on stakeholder engagement, strategic planning, policy, governance, external affairs and government relationships.

11

FUTURE PLANS

The 2025-2026 financial year will be dominated by ensuring the quality of our Professional Registration Titles to cyber professionals through a thorough review of our standards and supporting framework, identifying the value and impact of our professional titles on the profession, agreeing licenses with new Licensed Bodies, launching new specialisms, trialling different assessment processes and progression towards a more self-sustainable business model.

The Council’s priorities include:

• Recruitment of a permanent CEO and onboarding of new trustees.

• Strengthen and grow the pool of licensed bodies to support pipeline forecasts and financial sustainability.

• Utilise technology to develop website and CRM infrastructure to strengthen the Council’s position to direct deliver the Associate title to a larger audience.

• Review of the quality and effectiveness of the standards for professional registration and implementation of a new quality framework to provide assurance and consistency around outcomes.

• Continued focus on mapping of certifications and examinations to professional titles to understand alignment of technical skills to professional competencies.

Full review of CPD process and requirements.

• Launch the Cyber Security Management and Secure System Development specialisms and build a roadmap for future specialism development.

12

TRUSTEE ROLE, APPOINTMENT & INDUCTION

The role of a Trustee is to ensure that the Council fulfils its duty to its beneficiaries and delivers its vision, mission and values. Working together with the other Trustees, and in collaboration with the CEO, they are instrumental in ensuring that the Council delivers its charitable objectives and values equality, diversity and inclusion.

Our Trustees are individuals who have a strong empathy with our vision and mission, combined with an in-depth understanding of our work and ambitions. They possess an understanding of the culture and needs of a values-driven organisation.

The role is one of the legal liability and responsibility for the compliant running of a charity. Across the Board, we seek skills and experience in running a professional organisation, although recognise that not all

candidates will have these skills initially.

Trustees are legally required to act in the best interest of the Council and candidates should therefore not seek to influence the Board in terms of representing any other organisation or group.

For all Trustees, the following core skills are essential to undertake their duties:

• Excellent communication and influencing skills to be a strong ambassador for the Council. A collaborative approach and openness to other views and feedback on own contribution.

• An ability to think diversely, produce innovative ideas and challenge existing thinking and perspectives.

• Commitment to the Council’s mission and values.

• Commitment to delivering public good.

Commitment to bringing high standards of ethics and transparency to the Council’s governance.

• Commitment to inclusion and diversity.

Appointment of Trustees

As set out in the Articles of Association, the Board of Trustees comprises:

• Not more than 12 Trustees as Board Members.

Maximum of 4 elected from among and by the full members.

• The Chief Executive of the Association as an ex-offico member of the Board.

Board members may serve up to three terms of 3 years.

Trustees’ Induction & Training

On appointment, new Trustees are provided with information about the company, including its constitution, purpose and objectives, its finances, staffing structure and risk register.

Their attention is drawn to relevant Charity Commission guidance. They are offered the opportunity to meet with the Chief Executive and other staff for a full briefing on the organisation’s work.

Organisation

The Board is responsible for the governance of the charity. The Trustees delegate the running of the organisation to the Chief Executive within a framework of delegated authority captured in a Scheme of Delegation document. The Board meets at least

quarterly.

13

YEAR IN REVIEW: FINANCIAL PERFORMANCE

The financial year was largely funded via a Grant Funding Agreement with DSIT. This year saw the Council further develop income streams within professional registration and an increase in corporate membership and sponsorship. We are grateful to DSIT for their continued support, ensuring the Council has the means to continue operating and working through our strategy.

Income

The overall income for the financial year stood at £1,513,398.

The majority of income was comprised from the DSIT Grant Funding Agreement. As we transitioned into the next stage of the Council, it allowed for us to take on additional professional titles. This brought revenue up to £223,490. Corporate membership had a restructure and was successful in delivery, generating revenue of £132,200.

Expenditure:

Total expenditure for the year was £1,268,758. Reducing costs has been at the forefront of all areas

within the Council this financial year and this has been achieved in all departments.

Staffing costs remain the largest outgoing for the Council. A restructure resulting in the merging of two teams took place along with a recruitment campaign to strengthen our volunteer pool in our commitment to move away from outsourcing to a focus on in-house expertise.

To be noted is the impact of our VAT structure, meaning a total of £35,031 was spent and not reclaimable on VAT.

Cashflow:

The unrestricted funds ensure that three months of financial cover is maintained at all times. The level of general unrestricted funds held at the year-end are in line with this policy.

Into 2025-26:

DSIT issued a new 3 year Grant Funding Agreement in March 2025, this arrangement will provide funding of up to £1m in 2025-26 enabling the council to deliver against contract KPIs. Grant funding levels will reduce on a sliding scale over the next three years.

A focus remains on the delivery and growth of our refreshed corporate membership proposition alongside the launch of the new Associate title, providing an entry level route into professional registration that will also be delivered directly by the Council.

We will continue to deliver on our sustainability plan whilst performing an annual update of effectiveness and further exploring opportunities for additional income streams as part of our strategy to meet these financial targets.

14

YEAR IN REVIEW: FINANCIAL PERFORMANCE

Funded by the Department for Science, Innovation and Technology (DSIT), the Council was able to:

Launch Practitioner and Associate titles

Invest in the development and launch of a new Practitioner title and creation of an additional entry level Associate grade, providing a route to professional registration for early career individuals. This will open the gateway for thousands of individuals including, those on Apprenticeships, university graduates, technical certificate holders and those finishing training schemes. In 2025/26 the Council will deliver a pilot to test mapped routes and direct delivery of Associate pathways.

Showcase Event

The Council delivered a key event for all stakeholders in March which focused on the work of the Council, promoting the importance of professionalisation and impact of the councils work to date. This was delivered in collaboration with Microsoft, a corporate member and in partnership with licensed bodies, registrants and volunteers of the Council. Positive feedback was received and an increase in expressions of interest to volunteer. New enquiries about professional registration and additional connections were some of the outcomes following the event.

Growth of register

This has been slower than originally forecasted, four licenced bodies were in place through this FY, each delivering assessments in specific specialisms. Most registrants came through pilot programmes, through the assessor route, or via Government funded pathways such as CCP transition, NCSC funding or the DSIT professional titles fund. Few came via other routes. Assessor capacity has proved to be a barrier for licensed bodies meaning the numbers of individuals they can process is limited. There have also been concerns around the quality of the assessors and assessments undertaken. Conversations have been started with new organisations to scope interest in becoming a licensed body and a pilot has been agreed for the Council to trial the direct delivery of the Associate title. A full quality review and creation of a new framework to support some of the challenges is being implemented in 2025/26, this will address the quality issues. A re-forecast is being implemented for the next three years.

However, through this FY two further specialisms were piloted and launched; Incident Response and Secure Operations, meaning six specialisms were available. Numbers of the professional register do continue to grow and the addition on the newly aligned Associate title will present significant opportunity

15

for the Council to take ownership over growing the register. Income that was not generated through original forecasted organic registration applications was supported by income from the NCSC and DSIT professional titles fund.

Website, rebrand and Marketing

A new layout, incorporating the new Council branding will be launched in Summer 2025. The aim of this refresh is to provide a more coherent and focused customer journey. The current website is quite cumbersome and difficult to navigate and calls to action are not clear. A large piece of work has been underway with a brand partner to re-design critical pages of the website, create a brand for the new Cyber Access Network and support the launch and work of the Youth Advisory Panel. This is key to the future success and ambitions of the Council to promote Cyber as a career, grow the pipeline and demystify

route into and through the profession. A new marketing strategy was created which focused on the key stakeholder groups of the Council and this will be implemented and reviewed in the new FY with our new Marketing and Comms manager.

Invest in staff and merge teams

A review of the structure of the professional standards and careers and qualifications teams resulted in a new professionalisation function, bringing together the expertise of both teams under the leadership of a new Head of Professionalisation role. The main purpose was to increase collaboration, and therefore outcomes across the two areas and remove single points of failure. Where budget allows, staff are supported to undertake training and development opportunities, and a salary benchmarking exercise was completed in 2024. An annual staff survey was also undertaken to help identify areas for improvement and best practice.

The focal point this financial year was on areas of cost savings, which was successfully achieved and developing a sustainability plan for the Council. It was imperative that we reviewed the organisational structure and engaged in conversations with DSIT regarding routes to registration and the Councils role in direct delivery of assessments alongside the Licensed Bodies as this underpins the future success of the Council and the achievement of the sustainability plan – this remains an ongoing focus.

Continued growth of the corporate membership along with an increase in professional registration enabled the Council to generate close to £412,142 of unrestricted income in the financial year, contributing to the journey of financial sustainability for the Council.

16

TRUSTEE STATEMENT OF RESPONSIBILILTIES

The Trustees are responsible for preparing the Trustee’s report and financial statements in accordance with applicable law and United Kingdom accounting practices.

Charity law in England and Wales and the Royal Charter requires the Trustees to prepare financial statements for each financial year.

Under charity law, The Trustees must not approve the financial statements unless they are satisfied that they give a true and fair view of the situation of the charity and of the incoming resources and application of resources, including the income and expenditure for that period.

The Trustees are responsible for keeping adequate and proper accounting records that are sufficient to show and explain the charity’s transactions and disclose with reasonable accuracy at any time the financial position of the charity.

In preparing these financial statements, the Trustees are required to:

• Select suitable accounting policies and then apply them consistently

• Observe the methods and principles in the Charities SORP

• Make judgements and estimates that are reasonable and prudent

• State whether applicable UK accounting standards, including FRS102, have been followed, subject to any material departures disclosed and explained in the financial statements; and

Prepare the financial statements on the going concern basis, unless it is inappropriate to presume the charity will continue in operation

The Trustees are responsible for keeping proper accounting records that disclose with reasonable accuracy at any time the financial position of the charity and enable them to ensure that the financial statements comply with the Charities Act 2011.

As well as safeguarding the assets of the charitable company and group and hence for taking reasonable steps for the prevention and detection of fraud and other irregularities.

In so far as we are aware:

There is no relevant audit information of which the charities auditor is unaware; and

• The Trustees have taken all steps that they ought to have taken to make themselves aware of any relevant audit information and to establish that the auditor is aware of that information.

The Trustees are responsible for the maintenance and integrity of the corporate and financial information included on the charitable company’s website.

17

Legislation in the United Kingdom governing the preparation and dissemination of financial statements may differ from legislation in other jurisdictions.

Approves and signed on behalf of the Trustees by:

~~…………………………………~~

of the Board

Date:

18

INDEPENDENT AUDITOR'S REPORT TO THE TRUSTEES OF THE UK CYBER SECURITY COUNCIL Oplnion We have audited the financial statements of The UK Cyber Security Council for the year ended 31 March 2025 which comprise the Statement of Financial Activities, the Balance Sheet, the Cash Flow Statement and notes to the financial statements, including a summary of significant accounting policies. The financial reporting framework that has been applied in their preparation is applicable law and United Kingdom Accounting Standard5, including FRS 102 'The Financial Reporting Standard Applicable in the UK and Republic of Ireland, (United Kingdom Generally Accepted Accounting Practice). In our opinion the financial statements: give a true and fair view of the state of the charity'5 affairs as at 31 March 2025, and of it5 incoming resource5 and application of resources, for the year then ended; have been properly prepared in accordance with United Kingdom Generally Accepted Accounting Practice,. and have been prepared in accordance with the requirements of the Charities Act 2011. Basis for opinion We conducted our audit in accordance with International Standards on Auditing IUKI IISAslU Kll and applicable law. Our responsibilities under those standards are further described in the Auditor's Responsibilities for the audit of the financial statements section of our report. We are independent of the charity in accordance with the ethical requirements that are relevant to our audit of the financial statements in the UK. including the FRC'S Ethical Standard, and we have fulfilled our other ethical responsibilities in accordance with these requirements. We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our opinion. Material uncertainty related to going concern We draw attention to note Id in the financial statements, which indicates that a material uncertainty exists in relation to the achievement of forecast growth in commercial income. As stated in note Id these event5 or conditions, along with the other matters as set forth in note Id indicate that a material uncertainty exists that may cast significant doubt on the charity's ability to continue as a going concern. Our opinion is not modified in respect of this matter. In auditing the financial statements, we have concluded that the trustees, use of the going concern basis of accounting in the preparation of the financial statements is appropriate. Our responsibilities and the responsibilities of the trustees with respect to going concern are described in the relevant sections of this report. Other information The other information comprises the information included in the annual report, other than the financial statements and our auditor's report thereon. The trustees are responsible for the other information. Our opinion on the financial statements does not cover the other information and, except to the extent otherwise explicitly stated in our report. we do not express any form of assurance conclusion thereon.

In connection with our audit of the f inancial statements, our responsibility is to read the other information and, in doing so, consider whether the other information is materially inconsistent with the financial statements or our knowledge obtained in the audit or otherwise appears to be materially misstated. If we identify such material inconsistencies or apparent material misstatements, we are required to determine whether there is a material misstatement in the f inancial statements or a material misstatement of the other information. If, based on the work we have performed, we conclude that there is a material misstatement of this other information, we are required to report that fact. We have nothing to report in this regard. Matters on which we are required to report by exception We have nothing to report in respect of the following matters where the Charities Act 2011 requires us to report to you if, in our opinion.. the information given in the Trustees. Annual Report is inconsistent in any material respect with the financial statements,. or the charity has not kept adequate accounting records,. or the financial statements are not in agreement with the accounting records and returns; or we have not received all the information and explanations we required for our audit. Re5pon5ibilitie5 of trustees As explained more fully in the trustees, responsibilities statement set out on page 17, the trustees are responsible for the preparation of the f inancial statements and for being satisfied that they give a true and fair view, and for such internal control as the trustees determine is necessary to enable the preparation of financial statements that are free from material misstatement, whether due to fraud or error. In preparing the f inancial statements, the trustees are responsible for assessing the charity's ability to continue as a going concern, disclosing, as applicable, matters related to going concern and using the going concern basis of accounting unless the trustees either intend to liquidate the charity or to cease operations, or have no realistic alternative but to do so. Audltorfs responslbllltles for the audlt of the flnanclal statements We have been appointed as auditor under section 144 of the Charities Act 2011 and report in accordance with regulations made under section 154 of that Act. Our objectives are to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error. and to issue an auditor's report that includes our opinion. Reasonable assurance is 3 high level of assurance, but is not a guarantee that an audit conducted in accordance with ISAS IUKI will always detert a material misstatement when it exists. Misstatements can arise from f raud or error and are considered material if, individually or in aggregate, they could reasonably be expected to inf luence the economic decisions of users taken on the basis of these f inancial statements. As part of an audit in accordance with ISAS IUKI we exercise professional judgement and maintain professional scepticism throughout the audit. We also.. 20

Identify and assess the risks of material misstatement of the financial statements, whether due to fraud or error. design and perform audit procedures responsive to those risks. and obtain audit evidence that is suff icient and appropriate to provide a basis for our opinion. The risk of not detecting a material misstatement resulting from fraud is higher than for one resulting from error, as fraud may involve collusion, forgery, intentional omissions. misrepresentations. or the override of internal control. Obtain an understanding of internal control relevant to the audit in order to design audit procedures that are appropriate in the circumstances, but not for the purposes of expressing an opinion on the effectiveness of the charity's internal control. Evaluate the appropriateness of accounting policies used and the reasonableness of accounting estimates and related disclosures made by the trustees. Conclude on the appropriateness of the trustees, use of the going concern basis of accounting and, based on the audit evidence obtained, whether a material uncertainty exists related to events or conditions that may cast signif icant doubt on the charitws ability to continue as a going concern. If we conclude that a material uncertainty exists, we are required to draw attention in our auditorfs report to the related disclosures in the f inancial statements or, if such disclosures are inadequate, to modify our opinion. Our conclusions are based on the audit evidence obtained up to the date of our auditorfs report. However, future events or conditions may cause the charity to cease to continue as a going concern. Evaluate the overall presentation, structure and content of the financial statements, including the disclosures, and whether the financial statements represent the underlying transactions and events in a manner that achieves fair presentation. We communicate with those charged with governance regarding, among other matters, the planned scope and timing of the audit and significant audit findings, including any significant deficiencies in internal control that we identify during our audit. Explanation as to what extent the audit was considered capable of detecting irregularities, including fraud Irregularities, including fraud, are instances of non-compliance with laws and regulations. We design procedures in line with our responsibilities, outlined above, to detect material misstatements in respect of irregularities, including fraud. The extent to which our procedures are capable of detecting irregularities, including fraud is detailed below. The objectives of our audit in respect of fraud, are,. to identify and assess the risks of material misstatement of the financial statements due to fraud; to obtain sufficient appropriate audit evidence regarding the assessed risks of material misstatement due to fraud, through designing and implementing appropriate responses to those assessed risks; and to respond appropriately to instances of fraud or suspected fraud identified during the audit. However, the primary responsibility for the prevention and detection of fraud rests with both management and those charged with governance of the charity. Our approach was as follows= We obtained an understanding of the legal and regulatory requirements applicable to the charity and considered that the most significant are the Charities Act 2011, the Charity SORP, and UK f inancial reporting standard5 as issued by the Financial Reporting Council. 21

We obtained an understanding of how the charity complies with these requirements by discussions with management and those charged with governance. We assessed the risk of material misstatement of the financial statements, including the risk of material misstatement due to fraud and how it might occur, by holding discussions with management and those charged with governance. We inquired of management and those charged with governance as to any known instances of non- compliance or suspected non-compliance with laws and regulations. Based on this understanding, we designed specific appropriate audit procedures to identify instances of non-compliance with laws and regulations. Thi5 included making enquiries of management and those charged with governance and obtaining additional corroborative evidence as required. There are inherent limitations in the audit procedures described above. We are less likely to become aware of instances of non-compliance with laws and regulations that are not closely related to events and transactions reflected in the financial statements. Also, the risk of not detecting a material misstatement due to f raud is higher than the risk of not detecting one resulting from error, a5 fraud may involve deliberate concealment by, for example, forgery or intentional misrepresentations, or through collusion. Use of our report This report is made solely to the charity's trustees, as a body, in accordance with Chapter 3 of Part 8 of the Charities Act 2011. Our audit work has been undertaken so that we might state to the charity's trustees those matters we are required to state to them in an auditor's report and for no other purpose. To the fullest extent permitted by law, we do not accept or assume responsibility to any party other than the charity and charity's trustees as a body. for our audit work. for this report, or for the opinion we have formed. Moore Kingston Smith LLP Statutory auditor 9 Appold Street London EC2A 2AP Date.. 16 March 2026 Moore Kingston Smith LLP 15 eligible to act as auditor in terms of Section 1212 of the Companies Act 2006. 22

The UK Cyber Security Council Consolidated Statement of Financial Activities (incorporating an Income and Expenditure Account) For the ear ended 31 March 2025 2025 Total Unrestricted Restricted 2024 Total Unrestricted Restricted Note Income from: Donations and legacies Charitable activities Membership& Events Earned income Commercial Irading operation Total Income 1.101,256 1,101,256 233,733 1.655.421 1.889,154 5,337 89.358 167,945 5,337 89,358 167,945 56,452 355,690 56,452 355,690 412,142 1,101,256 1,S13,398 496,373 1,655,421 2,151,794 Expenditure on.. Raising funds Charitable activities Member5hip& Events Professionalisation Careers & Qualifications Commercial trading operation Total expendlture 56,063 56,063 180 32,356 208,716 928,360 208,896 960.716 293.486 905.558 235.465 293,486 937,642 235,465 4,721 32,084 99,146 99,146 131,682 1.137,076 1.268,758 4,721 36,805 1 ,490,5 72 1,527,377 Net Income for the year 280,460 135,8201 244.640 459,568 164,849 624,417 Net movement in funds 280,460 135,8201 244.640 459,568 164,849 624,417 Reconclllatlon of funds.. Total fund5 brought forward 459.568 164,849 624,417 Total funds carrled foThvard 740,028 129,029 869.057 459,568 164.849 624,417 All of the above results are derived from continuing activities. There were no other recognised gains or losses other than those stated above. Movement5 in funds are disclosed in Note 15 to the financial 5tatementS. The notes on pages 28 ro 39 form parr of these financial statements 23

The UK Cyber Security Council Statement of Flnanclal Actlvltles (incorporating an Income and Expenditure Account) 2025 Total Unrestricted Restricted 2024 Total Unrestricted Restricted Note Income from: Donations and legacies Charitable activities Membership& Events Earned income Other- salary recharges Total Income 163.224 1.101,256 1,264,480 233,733 1,655.421 1.889,154 5,337 89,358 5,337 89,358 56,452 58,240 56,452 58,240 277,916 1,101,256 1,379,172 328,428 1,655,421 1,983,849 Expenditure on.. Raising funds Charitable activities Membership& Events Professionalisation Careers & Qualifications Total expenditure 56,063 56,063 180 32,356 208,716 928,360 208,896 960,716 293.486 905.558 235,465 293,486 937,642 235,465 32.084 32,536 1.137,076 1,169,612 32.084 1 .490.5 72 1.522,656 Net income for the year 245.380 135,8201 209,560 296,344 164.849 461,193 Net movement in funds 245.380 135,820) 209,560 296,344 164.849 461,193 Reconciliation of funds.. Total fund5 brought forward 296,344 164,849 461.193 Total fund5 carried forward 541.724 129,029 670,753 296,344 164,849 461,193 All of the above re5uIis are derived from continuing aciiviiies. There were no oiher reco9nised gains or105ses other than Ihose slated above. Movements in funds are disclosed in Nore 15 to rhe financial starements. The notes on pages 28 to 39 form part of these financial statements 24

The UK Cybersecurlty Councll Balance sheet As at 31 March 2025 Consolidated 2025 Charity 2025 2024 2024 Note Fixed a55ets'. Intangible assets Tangible assets Investment5 39.143 9.366 60,053 20,211 39.143 9.366 60,053 20,211 100 48,509 80,264 48,609 80,364 Current assets: Debtors Cash at bank and in hand 273.330 727,642 406,774 382.399 288.374 475,803 393,986 212.819 1,000,972 789,173 764,177 606,805 Llabllltles: Creditors.. amounts falling due within one year 14 180.424 245,020 142.033 22 5,976 Net current assets 820.548 544,153 622.144 380,829 Total net assets 869.057 624,417 670.753 461,193 The funds of the charlry: Restricted income funds Unrestricred income fund5= General funds 129,029 164.849 129,029 164.849 740.028 459,S68 541.724 296,344 Total unrestricted funds 740.028 459,568 541.724 296,344 Total charity funds 869,057 624.417 670,753 461.193 Approved by the trustees on and signed on their behalf by Mi'ke kvatfjoh Mike Watson 1610312026 The notes on pages 28 to 39 form part of Ihese financial statements 25

The UK Cybersecurlty Councll Statement of Consolldated cash flows For the arended 31 March 2025 Note 2025 2024 Net Income l (expendlturel for the reportlng perlod Depreciation and amortisation charges Ilncreaselldecrease in debtors Increaselldecreasel in creditors 244.640 31.755 133.4 164,596) 624,417 31,756 {406,6741 244,920 Net cash froml{used in) operating activities 345.243 494,419 Cash flows from Investlng actlvltles.. Acquisition of tangible fixed assets as a result of transfer Acqui51tion of intangible fixed assets as a result of transfer 180,963) 131,057) Net cash provlded by l (used In) Investlng a(tSvltles 1112,0201 Change In cash and cash equlvalents In the year 345,243 382,399 Cash and cash equivalents at the beginning of the year 382.399 Cash and cash equlvalents at the end of the year 727.642 382,399 Analysis of cash and cash equlvalents At 31 March At31 2025 March 2024 Cash in hand and at bank 727.642 382,399 Total cash and cash equlvalents 727.642 382,399 Analysis of changes in net debt At Start of year At end of year Cashflows Cash in hand and at bank 382,399 345,243 727,642 26

The UK Cybersecurlty Councll Statement of Charlry cash flows For the arended 31 March 2025 Note 2025 2024 Net Income l {expendlturel for the reportlng perlod Depreciation and amortisation charges Ilncreaselldecrease in debtors Increaselldecreasel in creditors 209,560 31.755 105.612 (83,943) 461,193 31,756 1393,9861 225,976 Net cash froml{used in) operating activities 262.984 324,939 Cash flows from Investlng actlvltles: Acqui51tion of tangible fixed assets as a result of transfer Acqui51tion of intangible fixed assets as a result of transfer Purchase of investments in subsidiary 180,9631 131,0571 11001 Net cash provided by I (used inl investing activities 1112,120) Change in cash and cash Èquivalents in the year 262,984 212,819 Cash and cash equivalents at the beginning of the year 212,819 Cash and cash equlvalents at the end of the year 475,803 212,819 Analysls of cash and cash equlvalents At 31 March At31 2025 March 2024 Cash in hand and at bank 475.803 212,819 Total cash and cash equlvalents 475.803 212,819 Analysls of changes In net debt At Start of year At end of year Cashflows Cash in hand and at bank 212,819 262,984 475,803 27

The UK Cyber Securltycouncll Notes to the Consolldated flnanclal statements For the ar ended 31 March 2025 l Accounting policies a) Company Informatlon The UK Cyber Secu rity Council is a charity registered in England with registration number RC000924. Its registered office address is 5th Floor, One London Wall, London, EC2Y 5BD. b) Basls of preparatlon The financial statements have been prepared in accordance with Accounting and Reporting by Charities.. Statement of Recommended Practice applicable to charities preparing their accounts in accordance with the Financial Reporting Standard applicable in the UK and Republic of Ireland IFRS 1021 leffective l January 20151 (Charities SORP FRS 1021, the Financial Reporting Standard applicable in the UK and Republic of Ireland IFRS 1021 and Update Bulletin 2, and the Charities Act 2011 The accounts are presented in GBP rounded to £1 , which is the functional currency of the charity. Assets and liabilities are initially recognised at historical cost or transaction value unless otheNise stated in the relevant accounting policy or note. The functional currency is Sterling Pound IGBPI. Basis of Consolidation The group comprises UK Cyber Security Council and UK Cyber Security Services Limited. The assets, liabilities, and results of the wholly owned subsidiary are consolidated into these financial statement5. Summarised details of the subsidiary company are set out in note 9. c) Public benefit entity The charitable company meets the definition of a public benefit entity under FRS 102. d) Golng concern In preparing these financial statements, the trusrees have assessed rhe Council's ability to continue as a going concern. Cash flow forecasts have been prepared to 31 March 202 7 which indicate that, taking account of existing unrestricted reserve5, the Council is able to meet its liabilities as they fall due for at least 12 month5 from the date of approval of the accounts. Accordingly, the trustees consider it appropriate to prepare the financial statements for rhe year ended 31 March 202 5 on a going concern basis. While the trustees have concluded that the going concern basis of accounting remain5 appropriate. a material uncertainty exists in relation to the achievement of forecast growth in commercial income. Should this growth not be realised, the Council may face challenges to its ability to continue as a going concern beyond the 12 month assessment period and would need to implement mitigating actions, which would include seeking additional funding support or effecting cost saving measures. e) Income Income, including from Government and other grants, whether 'capital' or 'iniome', is recognised when the charity has entitlement to the funds, any performance conditions attached to the income have been met, it is probable that the income will be received and that the amount can be measured reliably. Membership income is generally for a period of tweleve months. Membership income relating to future financial years is deferred. f) Fund accounting Restricted funds are to be used for specific purpose5 as laid down by the donor. Expenditure which meets these criteria is charged to the fund. Unrestricted funds are donations and other incoming resources received or generated for the charitable purposes. Designated funds are unrestricted funds earmarked by the trustees for particular purpose5. 28

The UK Cyber Securltycouncll Notes to the Consolldated flnanclal statements For the ar ended 31 March 2025 g) Expenditure and irrecoverable VAT Expenditure is recognised once there is a legal or constructive obligation to make a payment to a third party. it 15 probable that settlement will be required and the amount of the obligation can be measured reliably. Expenditure is classified u nder the following activity headings.. Costs of raising funds relate to the costs incurred by the charitable company in inducing third parties to make voluntary contriburions to it, as well as rhe cost of any activities with a fundraising purpose. Expenditure on charitable activities includes the costs of offering fellowships and delivering related services undertaken to further the purposes of the charity and their associated support costs. Other expenditure represents those items not falling into any other heading. Irrecoverable VAT is not charged as a cost against the activity for which the expenditure was incurred but identified separately as a cost itself. h) Allocatlon of support costs Resources expended are allocated to the particular activity where the cost relates directly to that activity. However, the cost of overall direction and administration of each activiry (support costs), comprising the salary and overhead costs of the central function, 15 apportioned on the following basis which are an estimate, based on Staff time, of the amount attributable to each activity. Where such information about the aims, objectives and projects of the charity 15 also provided to potential donors, activity costs are apportioned between fundraising and charitable activities on the basis of area of literature occupied by each activity. Cost of raising funds Membership & Events Profe5sionalisation Career5 & Qualifications 81% Where information about the aims, objectives and projects of the charity is provided to potential beneficiaries, the costs associated with this publicity are allocated to charitable expenditure. Intangible fixed assets Intangible fixed assets comprise of databases and website development. The estimated useful life is estimated to be between 3 and 5 years. i) Tangible fixed assets Item5 of equipment are capitalised where the purchase price exceeds £500. Depreciation costs are allocated to activities on the basis of the use of the related assets in those activities. Assets are reviewed for impairment if circumstances indicate their carrying value may exceed their net realisable value and value in use. Depreciation is provided at rates calculated to write down the cost of each asset to its estimated residual value over its expected useful life. The depreciation rates in use are as follows.. IT and phone equipment 4 years 29

The UK Cyber Securltycouncll Notes to the Consolldated flnanclal statements For the ar ended 31 March 2025 k) Financial Instruments The charity only has financial assets and finaniial liabilitie5 of a kind that qualify as basic financial instruments. Basic financial instruments are initially recognised at transaction value and subsequently measured at their settlement value. Flnanclal assets Trade and other debtors are recognised at the settlement amount due after any trade discount offered. Prepayments are valued ar the amount prepaid net of any trade discounts due. Flnanclal Llabllltles Creditors and provisions are recognised where the charity has a presenr obligation resulting from a past event rhat will probably result in the transfer of funds to a third party and the amount due to settle rhe obligation can be measured or estimated reliably. Creditors and provisions are normally recogni5ed at their settlement amount after allowing for any trade discounts due. D Cash at bank and In hand Cash at bank and cash in hand includes cash and short term highly liquid investments with a short maturity of three months or less from the date of acquisition or opening of the deposir or similar account. Cash balances exilude any funds held on behalf of service users. m) Pensions The charity contributes towards the employee5, personal pension scheme5. The c05t of the contribution is charged to the statement of financial activities on an accruals basis. n) Significant accounting policies In the application of the company's accounting policies, the charity is required to make judgement5, estimates and assumptions about the carrying amount of assets and liabilities that are not readily apparent from other sources. The estimates and associated assumptions are based on historical experience and other factors that are considered to be relevant. Actual results may differ from these estimates. The estimates and underlying assun7Ptions are reviewed on an on-going basis. Revisions to accounting estimates are recognised in the period in which the estimate is revised, if the revision affects only that period, or in the period of the revision and future periods if the revision affects both current and future periods. There are no esrimates and assumprions that are considered ro have a significant risk of causing a material adjustment to the financial statements in a future period. 30

The UK Cyber Securltycouncll Notes to the Consolldated flnanclal statements For the ar ended 31 March 2025 2 Income from donatlons Group 2025 Total 2024 Total Unrestricred Restricted Grant from Department of Science, Innovation and Technology Transfer of net assets 1,101,256 1.101.256 1,614,592 274,562 1,101,256 1,101,256 1,889,154 Charlty 2025 Total 2024 Total Unrestricred Restricted Grant from Department of Science, Innovation and Technology Transfer of net assets Gif aid donation from UKCSS 1,101,256 1.101.256 1,614,592 274,562 163,224 163,224 163,224 1,101,256 1.264.480 1,889,154 Transfer of net assets refers to the transfer of all the net assets of UK Cyber Security Council, charitable company as at 31 March 2023 preceding the registration of UK Cyber Security Council with Royal Charter status which started trading on l April 2023. 3 Income from charitable activities Group and Charity 2025 Total 2024 Total Unrestricted Restricted Membership & Events Earned income 5,337 89,358 56,452 56.452 Total income from charitable activities 56,452 56.452 94,695 31

The UK Cyber Security Council

Notes to the consolidated financial statements

For the year ended 31 March 2025

4 Analysis of expenditure

----- Start of picture text -----
Cost of Membership Professiona- Professional Careers & Support 2024
raising funds & Events lisation Standards Qualifications costs 2025 Total Total
£ £ £ £ £ £
Staff costs (Note 6) - 75,122 328,726 - - 230,179 634,027 737,551
Staff expenses - 3,638 7,512 - - 20,033 31,183 59,515
Staff recruitment - - - - - 375 375 10,000
Computer and IT support - - - - - 28,325 28,325 16,093
Contractors - (6,339) 49,984 - - 92,042 135,687 279,991
Design and communication - 2,694 250 - - 6,674 9,618 14,832
Events Attendance & Conferences - 6,132 356 - - 1,175 7,663 30,412
General office costs - 191 1,750 - - 47,511 49,452 67,763
Legal and professional fees - - 14,394 - - 34,827 49,221 26,508
Office rent and insurance - - - - - 7,070 7,070 22,055
Technical service - - - - - - - 5,725
Website and web services - - - - - 162,395 162,395 103,496
Audit - - - - - 19,565 19,565 22,373
Unrecoverable VAT - - - - - 35,031 35,031 126,342
- 81,438 402,972 - 685,202 1,169,612 1,522,656
- - - -
Support costs 127,458 557,744 (685,202)
Total expenditure 2025 - 208,896 960,716 - - 1,169,612 1,522,656
Total expenditure 2024 56,063 293,486 - 937,642 235,465 - 1,522,656
----- End of picture text -----

Of the total expenditure, £32,536 was unrestricted and £1,137,076 was restricted.

Following a restructure during 2025, the activities have shifted resulting in the merger of the professional standards and careers and qualifications team into one to align with the objectives.

32

The UK Cyber Security Council

Notes to the consolidated financial statements

For the year ended 31 March 2025

----- Start of picture text -----
Cost of Membership Professiona- Professional Careers & Support 2024
raising funds & Events lisation Standards Qualifications costs Total
£ £ £ £ £ £ £
Staff costs (Note 6) 18,831 86,859 236,468 74,227 321,166 737,551
Staff expenses - 4,167 8,122 3,256 43,970 59,515
Staff recruitment - - - 10,000 10,000
Computer and IT support - - - 16,093 16,093
Contractors - - 223,755 10,560 45,676 279,991
Design and communication - - - - 14,832 14,832
Events Attendance & Conferences - 29,890 - 522 30,412
General office costs - 839 1,769 666 64,489 67,763
Legal and professional fees - - - 26,508 26,508
Office rent and insurance - - - 22,055 22,055
Technical service - - - 5,725 5,725
Website and web services - - - - 103,496 103,496
Audit - - - 22,373 22,373
Unrecoverable VAT - - - 126,342 126,342
18,831 121,755 - 470,114 88,709 823,247 1,522,656
-
Support costs 37,232 171,731 467,528 146,756 (823,247)
Total expenditure 2024 56,063 293,486 - 937,642 235,465 - 1,522,656
----- End of picture text -----

33

The UK Cyber Securiry Council Notes to the Consolidated financial statement5 Net income for the year This is stated after charging I crediting.. 2025 2024 Depreciation Auditors. remuneration (excluding VATI= Audit Icurrent year) Audit (previous year under accrual) 10,845 10,846 18,000 1,565 19,200 3,172 Analysls of staff costs, trustee remuneratlon and expenses, and the cost of key management personnel Staff costs were as follows= 2025 2024 Salaries and wages Social security COSts Employer's conrribution to defined contribution pension schemes 566.594 57.388 10.045 658,152 67,783 11,616 634.027 737,551 The following number of employee5 received employee benefit5 (excluding employer pension costs) during the year in bandings of costs greater than £60,000.. 2025 No. 2024 No. £60,000- £69,999 £80,000- £89,999 £1 10,000- £119,999 The total employee benefits including pension contributions of the key management personnel, made up of the Interim Chief Executive Officer, Director of Professional Standards, Director of Finance and Operations, Chief Operating Officer, EA and Head of Governance and Head of Professionalisation were £420,16012024.' Chief Executive Officer, Director of Standards, Director of Finance and Operations, Chief Operating Officer, EA and Head of Governance were £392,090). Caudia Natan50n resigned a5 a trustee to accept appointment as Interim CEO of the Council from 2 5th November 2024 to 9th May 2025. Her remuneration during this period amounted to £87,51 S. This includes £50,000 owed to her at the year end which will be paid once approved by the Charity Commission. No other charity trustees were paid or received any other benefits from employment with the charity in the year. No charity trustee received payment for professional or other 5ervice5 supplied to the charity. Staff numbers The average number of employees (head count based on number of staff employed) during the year was as follows.. 2025 No. 2024 No. Cost of raising funds Membership & Events Profe5sionalisation Professional Standards Careers & Qualifications Governance and supporr 12.7 15.0 34

The UK Cyber Securlty Councll Note5 to the Consolldated flnanclal statements For the ear ended 31 March 2025 Related party transaction5 One trustee was reimbursed £926 for travel expenses during the year incurred in their role as interim CEO.12024.' One trustees was reimbursed £2221. There are no other related parry rransactions to disclose for 202 5 12024.. none). Subsidiary undertaking The charity has a wholly owned subsidiary, UK Cyber Security Services Limited, company number 145 52920. registered in England and Wales. It's registered office address is 5th Floor, One London Wall, London 5th Floor, One London Wall, London, United Kingdom, EC2Y 5BD. The principal activty of the company is to manage the membership services on behalf of the charity. Year ending 31 March 2025 Year ending 31 March 2024 Sales and Membership income Cost of sales 355,690 193,5951 167,945 Gross profit 262.095 167,945 Administrarive expenses Staff costs recharges Gift aid donation to UKCSC 15,5511 158,2401 1163,2241 14,7211 Profit for rhe year 35,080 163,224 The assets and liabilities were.. Current assets Current liabilities 295,135 196,7311 182,368 119,0441 198.404 163.324 Intangible fixed a55et5 Group and Charlty Database and website Total Cost At the start of the year 80,963 80.963 At the end of the year 80.963 80,963 Depreciation At the start of the year Charge for the year 20.910 20.910 20.910 20.910 At the end of rhe year Net book value At the end of the year 41.820 41.820 39.143 39.143 At the start of the year All of the above assets are used for charitable purposes. 60,053 60.053 35

The UK Cyber Securlry Councll Notes to the Consolldated flnanclal statements For the ar ended 31 March 2025 Tangible fixed assets Group and Charlty IT & phone equipment Total Cost At the start of the year Additions in year 43.382 43,382 At the end of the year 43,382 43,382 Depreclatlon At the start of the year Charge for the year 23,171 10.845 23,171 10.845 At the end of the year Net book value At the end of the year 34,016 34,016 9.366 9,366 At the start of the year All of rhe above assets are used for charitable purposes. 20,211 20,211 12 Investments 2025 2024 100 ordinary shares in UK Cyber Security Services 100 100 13 Debtors Group 2025 Charlty 2025 2024 2024 Trade debtor5 Other debtors Prepayment5 and accrued income 30,029 1 .650 241,651 43,074 8,238 355,462 36.874 1,650 355,462 59.890 228,484 273,330 406,774 288,374 393,986 14 Credltors.. amounts falllng due wlthln one year Group 2025 Charlty 2025 2024 2024 Trade creditors Taxation and social Security Other creditors Owed to trading subsidiary Accruals 57,042 143,879 20,876 2,145 100 78.020 57,042 131,835 20.876 2.145 100 71.020 15.095 2.304 100 82,587 108,287 180,424 245,020 142,033 225,976 36

The UK Cyber Securlty Councll Note5 to the Consolldated flnanclal statements For the ear ended 31 March 2025 15 Analysls of net assets be￿een funds Group General unrestricted Total funds 2025 Restricted Intangible fixed assets Tangible fixed assets Net current a55ets 39,143 9,366 691,519 39.143 9.366 820,548 869.057 129,029 Net assets at the end of the year 740.028 129.029 General unresrricted Total funds 2024 Restricted Intangible fixed asset5 Tangible fixed assets Net current assets 60,053 20.211 379,304 60,053 20,211 544.153 164,849 Net assets at the start of the year 459,568 164,849 624,417 Charity Ceneral unrestricted Total funds 2025 Restricted Intangible fixed assets Tangible fixed assets Investments Net current assets 39,143 9,366 100 493,115 39.143 9.366 ioo 622,144 129,029 Net assets at the end of the year 541,724 129,029 670.753 General unrestricted Total funds 2024 Re5trirted Intangible fixed assets Tangible fixed assets Investment5 Net current assets 60,053 20,211 100 215,980 60.053 20.211 ioo 380.829 164,849 Net assets at the start of the year 296.344 164.849 461.193 37

The UK Cyber Securlty Councll Note5 to the Consolldated flnanclal statements For the ear ended 31 March 2025 16 Movements In funds Group At l April 2024 Incoming resources & Outgoing resources & At 31 March 2025 Transfers Restricted fvnds- Grant from DSIT 164.849 1,101,256 11,137.0761 129,029 Total restrlcted funds 164,849 1,101,256 11,137,076) 129.029 Unrestrlcted funds: General funds 459,568 412,142 1131,6821 740.028 Total unrestrlcted funds 459,568 412,142 1131,6821 740,028 Total funds 624,417 1,513,398 11,268,758) 869.057 Incoming resources & gains Outgoing resources & losses At l April 2023 At 31 March 2024 Transfers Restricted funds: Grant from DCMS 1,655,421 11,490,5721 164.849 Total ￿$trIcted fvnds 1,655.421 11,490,572) 164,849 Unrestricted fvnds= General fund5 496,373 136,8051 459,568 Total unrestrlcted funds 496,373 136,8051 459.568 Total funds 2,151.794 11,527,377) 624,417 Charlty Incoming resources & gains Outgoing resources & losse5 At l April 2024 At 31 March 202S Transfer5 Restrlcted funds: Grant from DSIT 164,849 1,101,256 11,137,076) 129,029 Total restrlcted funds 164,849 1,101,256 11,137,076) 129,029 Unrestricted funds: General funds 296,344 277,916 132,5361 541.724 Total unrestricted funds 296,344 277,916 132,5361 541.724 Total fund5 461,193 1,379,172 11 169,6121 670.753 38

The UK Cyber Securlty Councll Note5 to the Consolldated flnanclal statements For the ear ended 31 March 2025 16 Movements in funds {continuedl Incoming resources & gains Outgoing resources & losses At l April 2023 At 31 March 2024 Transfers Restrirted fund5: Grant from DCMS 1.655,421 11,490,5 721 164.849 Total restrlcted funds Unre5trirted funds= General funds 1,655,421 11,490,5 721 164.849 328.428 132,0841 296.344 Total unrestrlaed funds 328.428 132,0841 296.344 Total funds 1,983,849 11,522,656) 461,193 There were no transfers in the year. Purposes of restrlcted funds The grant from the Department of Science, Innovation and Technology is used to cover costs of setting the standard and developing and delivering specialisms for the Cyber Security Profession. 17 Capltal commttments There were no capital commitments not provided for in the financial statements. 18 Taxation The charity Is exempt from corporation tax to the extent that all its income 15 charitable and is applied for charitable purposes. 39

UK CSC Accounts 31 March 2025 Final Audit Report 2026-03-16 Created.. 2026-0>13 By.. NIc￿a Soden lnic0￿@e1cuwa.C0Ml Stslus.. Signed Transaction ID.. cBJCHBCAAB￿91xNUldH8C￿Kd-PopD￿nrXKlKX4SCp "UK CSC Accounts 31 March 2025" History Document Created by Nicola Soden lnicola@excuvia.coml 2026￿3-13- 2..41..26 PM GMT . Document emailed lo mlke.watson@ukcybersecuritycoun￿1.or￿.uk for signature 2026-03-13- 2..41..35 PM GMT Email viewed by mike.walson@ukcyb&rsecuritycouncil.org.uk 20264)3-13- 2'.42'.10 PM GMT Signer mike.walson@ukcybersecuritycouncil.org.uk entered name at signing as Mike Walson 2026-03-16- 10..37..02 AM GMT Document e-signed by Mike Walson Imike.walson@ukcybersecurily¢ouncil.org.ukl signatu￿ Dale". 2026-03-16- 10."37".04 AM GMT- Timè Sourc8." 88rvèr Agreement completed. 2026￿3-16- 10.'37.'04 AM GMT Adobe A(robat Slgn