Funding opportunity

Funding opportunity: Research aligned with cybersecurity research institutes

Apply for funding to establish research projects aligned with the four EPSRC-National Cyber Security Centre (NCSC) research institutes.

You must be based at a UK research organisation eligible for EPSRC funding and either:

  • at a level equivalent to lecturer or above
  • hold a fixed-term contract that extends beyond the duration of the proposed project
  • hold an EPSRC, Royal Society or Royal Academy of Engineering fellowship aimed at later career stages
  • hold fellowships under other eligible schemes.

You should address national security challenges of strategic importance.

The full economic cost of your project can be up to £1,093,750. EPSRC will fund 80% of the full economic cost (a maximum award of £875,000).

Who can apply

Standard EPSRC eligibility rules apply. Research grants are open to:

  • UK higher education institutions
  • research council institutes
  • UK Research and Innovation approved independent research organisations
  • eligible public sector research establishments
  • NHS bodies with research capacity.

Check if your institution is eligible for funding.

You can apply if you are a resident in the UK and meet at least one of the conditions below:

  • are employed at the submitting research organisation at a level equivalent to lecturer or above
  • hold a fixed-term contract that extends beyond the duration of the proposed project, and the host research organisation is prepared to give you all the support normal for a permanent employee
  • hold an EPSRC, Royal Society or Royal Academy of Engineering fellowship aimed at later career stages
  • hold fellowships under other schemes (please contact EPSRC to check eligibility, which is considered on a case-by-case basis).

Holders of postdoctoral-level fellowships are not eligible to apply for an EPSRC grant.

Submissions to this funding opportunity will count towards EPSRC’s repeatedly unsuccessful applicants policy.

Current directors and members of the research institutes are eligible to apply. However, applicants do not need to be current members of one of the Cyber Security Research Institutes or an Academic Centre of Excellence in Cyber Security Research.

What we're looking for


EPSRC, together with NCSC, jointly support four UK academic research institutes to develop cyber security capability in strategically important areas. These are the:

Each research institute has developed and nurtured a vibrant community of researchers from academia, as well as a range of industry partners involved in the relevant disciplines.

Alongside these institutes, EPSRC’s newly formed digital security and resilience theme wishes to restate its:

  • support for cybersecurity research
  • intent to work closely with national security agencies in ensuring that it is funding research that:
    • is relevant to the cybersecurity challenges faced by the UK
    • mitigates the risks posed
    • builds national capability in this area.

Building a secure and resilient world has been identified as a strategic theme by UK Research and Innovation. This theme highlights the importance of enhancing national security across virtual and physical spaces, by improving awareness of risks and threats, preparedness, decision-making and response.

EPSRC’s upcoming delivery plan is expected to include a priority on ‘artificial intelligence, digitalisation and data: driving value and security’. The priority contains several ambitions that are relevant to the work promoted by the research institutes, including to:

  • realise the transformational impact of digital technologies across industry sectors, society and the public sector (by developing technologies of the future in real world situations that are trusted, reduce negative unintended impacts and realise their potential benefits for society as well as the economy)
  • develop technologies that can fully embrace privacy, security, fairness, reliability, safety, transparency and accountability and inclusiveness, addressing the trade-offs that currently exist between them
  • build a more secure and resilient digital society from the component through to the system level, and address key challenges in the application of digital technologies in defence and security
  • encourage co-created research in this area, and increase translation of research into practice.

Therefore, with these aims and ambitions in mind, EPSRC intends to fund at least eight research projects that are aligned with the goals of the cyber security research institutes. These goals are summarised below.

Research must be mission or user inspired rather than purely fundamental, and therefore we expect that project partners are included in proposals. We ask you to consider national security in the context of all four nations of the UK, delivering research with potential to contribute to your priorities and ambitions within cybersecurity.

You are not expected to engage with current research institutes at the proposal writing stage.

Research Institute for Sociotechnical Cyber Security (RISCS)

RISCS aims to develop scientifically rigorous sociotechnical approaches to cyber security. This will promote understanding of the overall security of organisations, spanning people, their interaction with technology, processes and the wider systems relevant to cyber security.

Sociotechnical security is a broad, interdisciplinary arena. Areas of focus include, but are not limited to:

  • international dimensions: critical challenges of cyber security are increasingly globalised and require consideration, exploration and understanding of the international aspects in order to develop effective action and policy on the part of governments, military and industry
  • economics and incentives: applying economic thinking and theory to long-standing cyber security problems can provide new strategies for interventions in economic marketplaces that matter to cyber security, and for how we use incentives to influence and change security behaviours
  • security challenges in diverse digital lives: the range of digital connected services, and the communities that use them, continues to diversify, evolve and expand. This changing landscape brings new security needs and challenges to people’s everyday lives, many of which are not well understood or considered
  • sociotechnical dimensions of securing cyber physical systems: cyber physical systems, that integrate both software and IT with physical and operational technology, underpin our critical national infrastructure such as transport, energy and other industry environments. Securing them depends on many sociotechnical factors. These require exploration to understand the unique challenges and approaches to secure these systems in their organisational settings. Factors may include leadership and culture, safety and security, risk management, communicating security and incident response.

Research Institute in Verified Trustworthy Software Systems (VeTSS)

The overarching research vision for VeTSS is to bring scientific, mathematical methods to the specification and verification of modern software systems, leading to guarantees of correctness, safety and security.

Systems and software should be judged on fundamental scientific principles, with precise answers to questions such as:

  • what does this system do and not do
  • does the software behave as intended
  • how do we assess that the software does what it says it does?

Answering these questions are prerequisites for bringing a rigorous, scientific method to software development, in line with standard engineering practice.

This then raises subsequent research questions related to getting analysis and verification into the industrial software design process in such a way that the software can be properly verified.

The VeTSS research vision also includes verification of cryptographic and protocol designs.

Research Institute in Trustworthy Interconnected Cyber-physical Systems

The aims of this research institute are to:

  • understand the harm that threats pose to the provision of critical systems
  • confidently articulate these threats as risk to delivery of critical systems at a business and national level
  • understand and compare both the effectiveness and costs of potential interventions. This includes technical interventions, such as altering system architecture, through to policy interventions by governments and regulators
  • identify novel effective and efficient interventions for business or governments to reduce the risks to critical systems
  • best detect intrusion in critical systems, including embedded and bespoke systems, and identify whether incident response differ to established practices for enterprise IT
  • identify the obstacles to perceived best practice being applied to critical systems.

Research Institute in Secure Hardware and Embedded Systems

This research institute focuses on the following areas.

Understanding the technologies that underpin hardware security, the vulnerabilities in these technologies and development of countermeasures

This includes:

  • state-of-the-art hardware security primitives, including true random number generators and physical unclonable functions
  • novel hardware analysis tool sets and techniques
  • attack-resilient hardware platforms and hardware IP building blocks.
Maintaining confidence in security throughout the development process and the product life cycle

This includes:

  • confidence in developing secure hardware devices
  • supply chain confidence
  • modelling of hardware security
  • hardware enforcement of software-defined security policies.
Hardware security use cases and consideration of value propositions

A significant goal of this research is to introduce the research community to new hardware features, and encourage experimentation of novel applications.

This includes:

  • novel authentication, for example alternatives to passwords
  • practical applications for attestation and roots of trust.
Development and pull-through

This includes:

  • ease of development and ease of leveraging the best security option
  • understanding barriers to adoption
  • education of the potential user or developer base.

Funding available

There is up to £7.5 million available that we anticipate committing to eight or more projects. We will fund projects for up to 36 months.

The full economic cost of your project can be up to £1,093,750. EPSRC will fund 80% of the full economic cost (a maximum award of £875,000).

Smaller projects are welcome.

We expect to fund projects aligned to each research institute. Applicants must state in their case for support which research institute their project is aligned with and why, in order for EPSRC to manage the assessment process effectively.

We will also allow projects that span the remit of more than one of the research institutes, but you must state which research institute is the priority.

Funding can be requested for standard research activities and associated support, but we do encourage applicants to take creative, adventurous approaches to research, and to identify and engage with stakeholders across the UK where appropriate, requesting whatever they need to deliver that.

Equipment over £10,000 in value (including VAT) is not available through this opportunity.  Smaller items of equipment (individually under £10,000) should be listed under the ‘Directly Incurred – Other Costs’ heading.

Read EPSRC’s approach to equipment funding.

Responsible innovation

You are expected to work within the EPSRC framework for responsible innovation.

International collaboration

Applicants planning to include international collaborators on their proposal should visit Trusted Research for guidance on getting the most out of international collaboration whilst protecting intellectual property, sensitive research and personal information.

How to apply

You must apply using the Joint Electronic Submission (Je-S) system.

You can find advice on completing your application in the Je-S handbook.

We recommend you start your application early.

Your host organisation will also be able to provide advice and guidance.

Submitting your application

Before starting an application, you will need to log in or create an account in Je-S.

When applying:

  1. Select ‘documents’, then ‘new document’.
  2. Select ‘call search’ .
  3. To find the opportunity, search for: Cybersecurity Research Institutes Research Projects.

This will populate:

  • council: EPSRC
  • document type: standard proposal
  • scheme: standard
  • call/type/mode: Cybersecurity Research Institutes Research Projects.

Once you have completed your application, make sure you ‘submit document’.

You can save completed details in Je-S at any time and return to continue your application later.


EPSRC must receive your application by 11 October 2022 at 16:00.

You will not be able to apply after this time. Please leave enough time for your proposal to pass through your organisation’s Je-S submission route before this date.

You should ensure you are aware of and follow any internal institutional deadlines that may be in place.


You must submit the following documents:

  • case for support (nine sides of A4, with two on your track record, six on the scientific case, and one on your engagement plan relating to the relevant research institute, or institutes, and NCSC). You must state which research institute your project is aligned with and why
  • work plan (one page)
  • justification of resources (two pages)
  • CVs (up to two sides of A4 each) for named:
    • postdoctoral staff and researcher co-investigators (research assistants who have made a substantial contribution to the proposal and will be employed on the project for a significant amount of time)
    • visiting researchers
  • letters of support from all project partners included in the Je-S form (no page limit). See EPSRC’s guidance on project partners letter of support
  • cover letter (optional attachment, with no page limit and not seen by peer review).

You should attach your documents as PDFs to avoid errors. They should be completed in single-spaced Arial size 11 font or similar-sized sans serif typeface.

Advice on writing proposals for EPSRC funding.

Ethical information

EPSRC will not fund a project if it believes that there are ethical concerns that have been overlooked or not appropriately accounted for. All relevant parts of the ‘ethical information’ section in Je-S must be completed.

Guidance on completing ethical information on the Je-S form.

EPSRC guidance can be found under ‘additional info’.

Nominating reviewers

As part of the application process, you will be invited to nominate up to three potential reviewers who you feel have the expertise to assess your proposal. Please ensure that any nominations meet the EPSRC conflicts of interest policy.

How we will assess your application

Assessment process

This opportunity is an invitation for proposals. Proposals will undergo postal peer review, followed by a prioritisation panel, resulting in a rank ordered list. A decision is expected to be made within two weeks of the panel meeting.

The reviewers will comment on how well the proposal meets both EPSRC’s standard and opportunity-specific assessment criteria. If sufficiently positive comments are received, you will be invited to respond to these comments before being considered by the prioritisation panel.

The panel will rank the proposals in prioritisation order for funding using the reviewers’ comments and the principal investigator response. Proposals will only be ranked against those aligned to the same research institute (as defined by you).

Assessment criteria

Standard criteria

Quality (primary)

This relates to the research excellence of the proposal, making reference to:

  • the novelty, relationship to the context, timeliness and relevance to identified stakeholders
  • the ambition, adventure, transformative aspects or potential outcomes
  • the suitability of the proposed methodology and the appropriateness of the approach to achieving impact. For multidisciplinary proposals, please state which aspects of the proposal you feel qualified to assess.
National importance (secondary major)

This relates to how the research:

  • contributes to or helps maintain the health of other disciplines
  • contributes to addressing key UK societal challenges
  • contributes to future UK economic success and development of emerging industry or industries
  • meets national needs by establishing or maintaining a unique world-leading activity
  • complements other UK research funded in the area, including any relationship to EPSRC’s portfolio
  • plans for dissemination and knowledge exchange with potential beneficiaries of the research.
Applicant and partnerships (secondary)

This relates to the ability to deliver the proposed project, making reference to:

  • appropriateness of the track record of the applicant or applicants
  • balance of skills of the project team, including collaborators.
Resources and management (secondary)

This relates to the effectiveness of the proposed planning and management, and whether the requested resources are appropriate and have been fully justified, making reference to:

  • any equipment requested, or the viability of the arrangements described to access equipment needed for this project, and particularly on any university or third-party contribution
  • any resources requested for activities to either increase impact, for public engagement or to support responsible innovation.

Opportunity specific criteria

Fit to opportunity (primary)

This includes:

  • the alignment of the research project to the aims and objectives of one or more of the research institutes
  • the  strength of engagement and relevance to stakeholders including business and policy in the UK’s nations and regions, and articulation of a strategy for identifying and engaging with these key stakeholders
  • the quality of the plan for engagement with, and adding value to, the relevant research institutes (or institute), engagement with the directors of those institutes (and relevant communities) and NCSC, and setting out the resources that will be required for this. Applicants who are currently members of a research institute should provide a plan setting out how they will add value to the relevant research institutes and continue their engagement with NCSC and other stakeholders, being clear on the resources that will be required for this.


The postal peer review commentary will comprise the feedback for you. The prioritisation panel process will not provide feedback, beyond the publication of the rank-ordered list, unless this is specifically requested by the panel.

Guidance for reviewers

For more information, please see:

Contact details

Get help with developing your proposal

For help and advice on costings and writing your proposal, please contact your research office in the first instance, allowing sufficient time for your organisation’s submission process.

Ask a question about the opportunity

Greg Smith, Portfolio Manager


Include ‘Research Institutes opportunity’ in the subject line.

Afia Masood, Portfolio Manager


Digital security and resilience theme


Get help with applying through Je-S



01793 444164

Opening times

Je-S helpdesk opening times

Additional info


Digital security and resilience

EPSRC’s new digital security and resilience theme will put a spotlight on digital technologies relevant to the security, defence and resilience of the UK.

The supported research will aim to create a more secure and resilient digital society that is robust and prepared to withstand shocks and challenges in an increasingly interconnected digital world.

We will do this by:

  • bringing relevant EPSRC investments under the new theme (around £123 million), whilst making connections across EPSRC and UK Research and Innovation (UKRI), and with key stakeholders
  • developing EPSRC’s strategy and plans for digital security and resilience, and for specific topic areas falling under that remit, such as cyber security and digital twinning, whilst connecting across UKRI
  • building communities, networks and capacity to develop national capability in specific digital security and resilience topic areas.

Broadly, the digital security and resilience theme’s investments will fall in two areas:

  • mitigating risk: research to promote and improve the security and resilience of digital technologies
  • creating opportunities: research into digital technologies that would be developed to promote and improve the security, defence and resilience of the UK, and the security and resilience of its organisations, systems, infrastructure and society.

Research institutes

Shortly after the first eight Academic Centres of Excellence in Cyber Security Research were recognised in 2012, it became clear that there were a number of critical knowledge areas where the UK was lacking in research.

This realisation led to the establishment of the first research institutes to provide a focus for research and to establish communities of interest in those subject areas. Initially entirely funded jointly by EPSRC and the Government Communications Headquarters, now the NCSC, and in one case by EPSRC and the Centre for the Protection of National Infrastructure, the research institutes are now vibrant, growing and productive centres of gravity for influencing and leading research in their areas.

While they were initially set up exclusively with government funding, as they have matured to become thought leaders in the area, they have attracted considerable funding from other sources, including business.

The research institutes are joint investments between EPSRC and NCSC and act as virtual national institutes. They were each established to build capacity and communities of interest for specific topics within cyber security.

However, there are opportunities for the research institutes to work with each other on mutual challenges and in 2020 to 2021, EPSRC worked with NCSC to scope an opportunity for research projects that sit across the areas covered by the four research institutes and also address at least one of the problems set out in the recently published NCSC research problem book.

This book identifies seven significant themes NCSC are interested in. The five successful projects were announced in March 2021 and include work on:

  • verification
  • hardware security
  • mobility as a service
  • cybersecurity playbooks for Critical National Infrastructure resilience and security of digital twins in manufacturing.

Strategic context

The opportunity was designed with the following policies and objectives in mind.

The GOV.UK review ‘Global Britain in a competitive age: the integrated review of security, defence, development and foreign policy’, with an increased commitment to security and resilience at its heart.

The GOV.UK national cyber strategy 2022, ensuring that the UK remains confident, capable and resilient in this fast-moving digital world, and that we continue to adapt, innovate and invest in order to protect and promote our interests in cyberspace.

The UKRI strategy, including an ‘impact’ objective: focusing the UK’s world-class science and innovation to:

  • target global and national challenges
  • create and exploit tomorrow’s technologies
  • build the high-growth business sectors of the future.

UKRI strategic theme: ‘building a secure and resilient world’.

The forthcoming EPSRC delivery plan, which is expected to include a priority on ‘artificial intelligence, digitalisation and data: driving value and security’. Future success of economies and societies will be driven by new and improved industries and services through transformational technologies. These technologies will connect people, things and data together in safe, smart, secure, trustworthy and productive ways.

Grant additional conditions

Grants are awarded under the standard UKRI grant terms and conditions.

An additional grant condition will be added to this opportunity, around the requirement to engage with NCSC and research institutes.

Notwithstanding RGC 5.2 Starting Procedures, this grant has a fixed start date of 1 September 2023. No slippage of this date will be permitted. Expenditure may be incurred prior to the start of the grant and be subsequently charged to the grant, provided that it does not precede the date of the offer letter.

Responsible innovation

EPSRC is fully committed to develop and promote responsible innovation. Research has the ability to not only produce understanding, knowledge and value, but also unintended consequences, questions, ethical dilemmas and, at times, unexpected social transformations.

We recognise that we have a duty of care to promote approaches to responsible innovation that will initiate ongoing reflection about the potential ethical and societal implications of the research that we sponsor, and to encourage our research community to do likewise.

Supporting documents

Equality impact assessment (PDF, 201KB)

This is the website for UKRI: our seven research councils, Research England and Innovate UK. Let us know if you have feedback or would like to help improve our online products and services.