Cyber Innovations is a UK-based cyber company specialising in human-centred cyber resilience. Cyber Innovations have developed research-backed training, tools and frameworks designed to help organisations respond more effectively to cyber incidents, while reducing cognitive overload, limiting human error and minimising longer-term impacts on staff wellbeing. Cyber Innovation’s early work, particularly the development of CyGamBIT, was supported by CyberASAP, a research commercialisation programme that’s funded by the UK Government’s Department for Science, Innovation and Technology and delivered by Innovate UK.
We spoke with Emily Rosenorn-Lanng (CEO) and Professor Vasilis Katos (CTO) of Cyber Innovations about how the company’s work is grounded in research, why human-centred resilience is becoming increasingly critical and how their innovations are helping organisations on a local and national scale manage cyber incidents in a way that protects both security outcomes and the people delivering them.
Tell me about your company
“We are Cyber Innovations Ltd, a UK-based cybersecurity company focused on strengthening organisational resilience at the human layer of cyber incidents. The company is led by Emily Rosenorn-Lanng, CEO and co-founder, alongside Vasilis Katos, CTO and Professor of Cybersecurity at Bournemouth University. Together, the founding team brings complementary expertise spanning cybersecurity, psychology and applied learning design.”
“Cyber Innovations was formed in response to a recurring gap observed across sectors: cyber incidents rarely fail because technology is absent, but because people are overwhelmed, misled or required to make decisions under pressure. Our work focuses on building practical capability at those human decision points, where incidents often escalate or stall. Our flagship programme, Cyber First Aid (CFA), supports clearer judgement, coordination, and recovery during incidents, alongside game-based learning tools such as CyGamBIT that help build safer behaviours earlier and at scale.”
“Our work is underpinned by established sociotechnical models and ongoing academic research, delivered in collaboration with Bournemouth University. We work with public sector organisations, SMEs and critical infrastructure partners to translate academic insight into applied, scalable cyber resilience.”
What problem does your technology solve, and why does it matter right now?
“Modern cyber attacks increasingly succeed not because organisations lack controls, but because people are required to make high-stakes decisions under sustained cognitive and emotional pressure. Phishing, ransomware and business email compromise exploit trust, urgency and overload at precisely the moments when teams are least able to slow down and think clearly.”
“This challenge has intensified with the rise of AI-enabled social engineering, which has increased both the volume and psychological sophistication of attacks. At the same time, the pressure on security teams is becoming increasingly difficult to sustain. Widely cited surveys suggest that a significant proportion of cybersecurity professionals are considering leaving the profession due to stress and burnout, at a time when demand for skilled defenders remains high.”
“While technical controls remain essential, they do not address where many incidents escalate or fail. Our technology focuses on that gap by helping organisations recognise early human indicators of compromise, stabilise decision-making during incidents, and reduce both operational disruption and the human cost of responding to cyber attacks.”
How did CyberASAP (Cyber Security Academic Startup Accelerator Programme) help you turn academic research into a commercial product or company?
CyberASAP, which is funded by the UK Government’s Department for Science, Innovation and Technology (DSIT) and delivered by Innovate UK, helps UK-based academic teams turn research into commercially viable cyber security products and services by providing mentoring, training, market validation support, and pathways to commercialisation. Through the programme, the team was able to develop CyGamBIT, a cutting-edge game-based learning platform designed to immerse users in real-world cybersecurity scenarios.
“CyberASAP played a critical role by challenging our assumptions and requiring early engagement with real users and delivery contexts. The programme provided a structured environment in which academic framing was tested against operational reality, revealing where adaptation was necessary.”
“One of the most important outcomes was learning when to pivot. Through CyberASAP, we refined our focus from a narrower educational concept to a broader, incident-response-centred model that organisations actively needed. The programme supported disciplined iteration rather than premature scale, enabling us to translate research into a viable, evidence-led product without losing integrity.”
What’s the biggest milestone you’ve achieved since completing the programme?
“The most significant milestone has been moving from pilot-stage validation to live delivery with organisations facing real cyber risk. Delivering Cyber First Aid in operational settings allowed us to observe how people actually respond under pressure and to refine the approach based on behaviour rather than intention.”
“This transition confirmed demand and relevance, while generating insight that continues to shape our tools and training. It marked a clear shift from concept to practice, establishing Cyber Innovations as an operational company rather than a research project.”
What progress have you made in securing investment or commercial backing so far?
“Our early progress has focused on building a credible, evidence-led foundation before pursuing large-scale investment. We have secured government-backed funding, delivered paid pilots, and developed commercial partnerships that support validation and delivery in real organisational contexts.”
“Alongside this, we are in active conversations with partners and funders who understand the long-term nature of human-centred cyber resilience. Rather than prioritising rapid scale, we are focused on sustainable growth, alignment and maintaining the quality of delivery that organisations rely on during incidents.”
What advice would you give to academics looking to apply to the programme or enrolled already?
“Be open to the idea that a pivot is not a failure of research, but often the point at which it becomes more innovative and more useful. Commercialisation can be a continuation of the research journey, not a departure from it, if it is approached with intellectual honesty and a willingness to learn.”
“Our experience has shown the value of interdisciplinary collaboration and early engagement with practitioners. Listening carefully to how ideas perform in real contexts often reveals new research questions and sharper directions. When handled well, the journey to commercialisation can strengthen research rather than dilute it.”
On the 25th February 2026 in London, alongside various successful alumni, like CybPass and FACT360, Cyber Innovations will be taking part in CyberASAP’s Demo Day as part of the alumni showcase. CyberASAP Demo Day also features the 14 final teams in this year’s cohort who will be pitching and demonstrating their proofs of concept. Find out more and register to attend here.
