Key Takeaways from the RenewableUK Cyber Security Conference 2025

I was delighted to chair a panel session at the excellent RenewableUK Cyber Security Conference  on March 25th . It was a timely and thought-provoking event, with some powerful insights into the evolving threat landscape. Here are my three key takeaways: 

1. China is the top threat in a more competitive, confrontational world 

The geopolitical climate is changing rapidly — and cybersecurity is increasingly a front line. 

China is now the defining cyber threat and cyber superpower. The state directly employs tens of thousands of offensive cybersecurity specialists, supported by a vast and incentivised ecosystem. If you hack it, China will buy it. 

Check out ITV News’ excellent exposé on Chengdu: Inside China’s hacking capital 

China also has the scale and strategic capacity to influence global technology standards and even shape international law in support of offensive cyber capabilities. These are not just ‘script kiddies’ — the sophistication of attacks is growing fast. 

Russia comes second in terms of threat level. It has a well-defined economic ecosystem supporting independent actors like data brokers, underpinned by a powerful state infrastructure. 

Third place goes to non-state actors — still dangerous, but operating with fewer resources and less organisation 

2. AI Amplifies the Threat and needs to be part of our defence

Phishing remains the primary access vector for cyber-attacks — but AI is supercharging its effectiveness. 

AI-supported phishing is now 96% more effective than traditional methods. 

This makes the case for integrating AI into our defensive strategies even more urgent. AI must be part of our security posture, not just a tool for attackers. 

3. The UK’s Cyber Response Is Improving 

It was encouraging to see that the UK’s Cyber Security and Resilience Policy Statement, published just last week, outlines a move toward: 

• Closer alignment with NIS2, which should make UK–EU cross-compliance easier 

• Building on the existing NCSC Cyber Assessment Framework, rather than introducing new frameworks

This is a smart approach: evolve what works, rather than reinvent the wheel. 

 Final Thoughts 

Finally, the panel discussion offered a valuable reminder: cybersecurity scores and metrics can be misleading. While helpful, they often give a false sense of security or mask core vulnerabilities. 

The panel strongly recommended that good cybersecurity policies should be the primary goal — with improvement in scores a byproduct, not the main focus. 

Overall, another excellent conference — practical, engaging, and forward-looking. 

The cyber landscape facing the renewable sector is shifting quickly. I’m already looking forward to next year’s event — and continuing the conversation in the meantime. 

If you’d like to chat more about cyber security, please contact Ronan https://www.energypro.ie/contact

About the Author

Ronan O'Meara, Managing Director

Ronan is a chartered engineer, renewable energy analyst and co-founder of EnergyPro

Read more about Ronan here.