UCL Department of Science, Technology, Engineering and Public Policy


Policy brief: Evaluating Cyber Security Evidence for Policy Advice

Civil servants across the UK Government are working on policy advice for cyber security – but how they acquire and use evidence to make recommendations is not well understood.

This is important as the source and credibility of evidence affects the effectiveness and authority of the judgements made about threats, risks, mitigation and consequences.

This briefing sets out findings from the ECSEPA project on how evidence is being incorporated into developing effective cybersecurity policies across UK Government. It sets out the first iteration of a framework that rates evidence samples relative to each other based on source and credibility, designed to help policy makers assess the credibility of their evidence.



Lead researchers

Professor Madeline Carr (UCL STEaPP) and Professor Siraj Shaikh (Coventry University)

Output type

Policy brief

PIU lead

Florence Greatrix

View the policy brief on the RISCS website

Last updated: Tuesday, July 6, 2021