China has heavily invested in education, science, technology, and innovation since it launched reforms and opened up in 1978. In early days, China sent its youth to world-class universities all over the world and developed quality human resources. In the next stage, China focused on upgrading their own universities and invested within Chinese universities. Curricula were modernized, and teaching methods were improved. Exam systems were changed, and they started to catch up with the global universities and struggled to achieve global ranking. As a result, today, around a dozen universities have achieved status in the top hundred universities of the world, and nearly a hundred universities fall among the top 500 universities of the top global universities.
In the third stage, China focused on research and development. Invested generously in establishing state-of-the-art laboratories. Equipped laboratories with modern, advanced, and the latest equipment, instruments, and materials. Research infrastructure was improved immensely.
For research, three things are essential: research human resources, research infrastructure, and above all, research culture. China developed research human resources by sending millions of youths to top universities all over the world. Invested heavily in research infrastructure and created a research culture through various monetary incentives.
Now it is time for China to reap the fruits of education, research, development, and innovation. China is comprehensively utilizing sci-tech as an engine of economic growth.
One of the case studies is described below:
China’s expertise in minerals and mining, particularly for rare earth metals, is built on decades of strategic, long-term planning that includes control over the entire supply chain from mining and refining to manufacturing. Its dominance stems from a combination of vast resources, the ability to manage the complex and hazardous separation and purification processes, and heavy investment in R&D, which has led to a leading position in patents and the production of critical materials like permanent magnets. China also benefits from lower development costs due to state support for national champions, vast human resources, and an abundance of natural resource reserves, giving it a significant global advantage.
Key areas of Chinese expertise
Mining and extraction:
China accounts for around 70% of global rare earth mining, a process that is often difficult due to the elements’ co-occurrence with other materials like uranium.
Processing and refining:
China holds a dominant position (around 90-94%) in the highly complex and specialized processes of separating and purifying rare earth elements.
Manufacturing:
The country is a leader in manufacturing finished products, producing over 90% of the world’s rare earth permanent magnets, which are vital for high-tech and industrial applications.
Research and development:
China has filed a significantly larger number of patents related to rare earths than other countries, indicating a strong focus on technological advancement in the field.
Chinese dominance on rare earth metals and critical minerals;
China controls up to 90 percent of global rare earth metals and critical minerals either physically or through Chinese technology, machinery, or processes. The October 2025 decisions—outlined in MOFCOM’s announcements (Nos. 57, 58, 61, and 62)—mark an important refinement of China’s export governance framework. These include:
Export Control on Rare Earth Items and Technologies: Covering mining, smelting, refining, and magnet-making processes for medium and heavy rare earth elements, including holmium, dysprosium, terbium, yttrium, and gadolinium.
Control on Dual-Use Technologies: Exports involving rare earth production line services and technology transfers will require dual-use export licenses.
Control on Superhard Materials and Synthetic Graphite: Including artificial diamond materials, lithium battery-related items, and synthetic graphite anodes—critical for the global electric vehicle (EV) industry.
Unreliable Entity List Update: Addition of 14 foreign entities (including firms such as Dedrone by Axon, BAE Systems Inc., Tech Insights, and Elbit Systems of America) for engaging in activities that undermine China’s national security and economic interests.
These steps are consistent with China’s Export Control Law of 2020 and international practices established under the Wassenaar Arrangement and UN frameworks. They neither target specific countries nor disrupt global trade arbitrarily. Instead, they ensure that technologies of strategic value are exported responsibly and with full regard to China’s national interests.
It is time for China to reap the economic benefits of its decades of huge investment in education, science, technology, and innovation.
The Orionid meteor shower reaches its peak overnight on Tuesday, Oct. 21, through Wednesday, Oct. 22, 2025, just as Comet Lemmon gets closest to Earth on its journey through the inner solar system.
An island singer-songwriter has made her musical debut, after being treated for leukaemia.
Originally from Jersey, Isabel Marsh, known as IZI, was given the life-threatening diagnosis in 2020 and underwent intensive treatment that she says put her…
Scarlett (L), Luna (middle) and Bailey (R) say they cannot wait to try parkrun
Primary Schools across the country are being twinned with Parkruns to boost children’s daily exercise.
Ferndale Primary School and Nursery in Swindon is one of 500 UK primary schools which has signed up to the scheme.
The new initiative has been launched to encourage more pupils to get active, after it was revealed that fewer than half of children meet the chief medical officer’s recommended 60 minutes of physical activity per day.
Liz Horrobin, head teacher at Ferndale school, said: “Some of our children don’t even have back gardens so to be able to show them this opportunity was something I couldn’t pass on. Hopefully it will help open some doors for our children.”
Over the past 12 months, 17,000 school children piloted the scheme across the UK.
Emma Sperring, event director for Swindon’s Lydiard adult and junior parkrun, said: “Parkrun is so important for so many people now, it’s a community.
“People come along not just to run but to chat and meet with friends. They might walk they might run.”
Ms Sperring (L), Liz Horrobin (middle) and Nicola Stokes (R) are working together to make Parkrun Primary a success
Nicola Stokes helps to run the Swindon’s GWR junior Parkrun, near Faringdon Road, and said that in a world of technology, getting active is more important than ever.
She added: “We all know computer games and screen time is a thing so actually getting them out of that cycle is so nice and parkrun is a really friendly way to do it.”
Ms Horrobin said to ease her students into Parkrun, the school are preparing to start an after-school club.
She added: “It will just be showing them that running, sport and fitness doesn’t have to be an exclusive club, you don’t even need to be fit to do it.
“We’ll play things like stuck in the mud and fun games to get your heartbeat going and get us exercising without even realising it.”
Lucy, 11, said she’s looking forward to taking part in the event.
“It’s nice to know that there’s Parkruns for younger children and ones for adults so everyone can get involved,” she said.
Cyberattacks feel pretty inescapable at the moment. They’ve always been there but in recent months there have been countless high profile attacks which have potentially huge consequences, including:
Kering (parent company of Gucci, Balenciaga, and Alexander McQueen): ‘Data linked to 7.4 million unique email addresses’ was reportedly stolen. The company confirmed the stolen data did not include any financial information (e.g. card details). However, the data did include ‘total sales’ showing how much people had spent with each brand or in stores, significantly increasing the risk of more sophisticated social engineering attacks.
The Co-op: The malicious attack back in April (although the actors responsible suggest they were in the systems ‘long before’ being discovered), where 6.5 million customers’ data was stolen, led to empty shelves and problems with digital payments, ultimately costing the business £206 million in lost sales.
Jaguar Land Rover: After a cyberattack forced them to suspend production for over a month, at a reported cost of at least £50 million a week, the UK Government has underwritten a £1.5 billion loan guarantee intending to protect not only JLR employees but also their supply chain (some of which supply parts exclusively to JLR).
Discord: Discord’s third party supplier, which helps verify users’ age, was subject to a cyberattack with bad actors obtaining approximately 70,000 users’ official ID photos (among other information). This is a timely reminder that your security is only one part of the puzzle and attention must also be given to the security of your supply chain. This attack may raise particular concerns given the number of platforms which are now processing this type of data (to bad actors an incredibly valuable commodity) for the first time to comply with requirements of the Online Safety Act.
However, smaller businesses or even those not ‘in the spotlight’ can’t rest easy in the hope hackers won’t care about them. In fact, they may even be low hanging fruit. For example:
A ransomware group gained entry to KNP’s (a 158 year old transport company) systems by simply guessing a single employee’s password. Once in the system they encrypted the company’s data and locked its systems. The company couldn’t afford the ransom (estimated to be as much as £5 million) to get the data back and ultimately entered administration.
Threat actors also recently obtained the data of approximately 8,000 nursery children as well as their families and employees of the Kido nursery chain by ‘buying access’ to a staff computer. The hackers initially started posting profiles of children (including pictures, dates of birth, birth place, safeguarding notes, who they live with, and contact details), with threats to release more data. Unsurprisingly, this attack received a lot of negative publicity. The actors subsequently blurred images of each child, as “leadership isn’t happy with the attention that posting full images does” (as confirmed by the hackers to a BBC correspondent) but the threats to continue releasing data remained. Those behind the attack were contacting parents via email and even making ‘threatening’ phone calls saying to one parent “they would post her child’s information online unless she put pressure on Kido to pay a ransom“. The actors have since removed the posts and claim to have deleted the information. There is, however, no way to know for sure this has occurred. Previous instances have seen similar claims where ‘deleted data’ is found to have been retained or even sold. This is another reason why paying a ransom is no guarantee – for example, when the National Crime Agency ‘took down’ a gang of cyber criminals they found lots of data ransomware victims had paid to be deleted. In any event, like any information online, the data posted is now ‘out there’ and anyone may have taken copies. Nevertheless, two 17-year-old boys have now been arrested in connection with the ongoing investigation.
It’s clear that ‘no one is safe’ and those behind these attacks show no signs of slowing down. A representative from the National Crime Agency suggests she has seen incidents double in the last two years to around 35 – 40 per week. Recent research based on a survey of over 200 cybersecurity professionals in the UK whose companies were subject to a ransomware attack between January – March 2025 also shows that the median demand is over £4 million, which could be devastating for small businesses.
ICO’s Top Tips
It’s, therefore, unsurprising that the ICO have issued a list of practical steps small businesses should take:
1. Back up your data
Data should be regularly backed up, but you also need to check it has worked/is working as intended. Equally, you’ll need to make sure the back up isn’t connected to the live data source to ensure that, if there is malicious activity, it won’t reach the back up.
If you use an external storage device, don’t forget to (a) keep it somewhere other than your main workplace; (b) encrypt it; and (c) lock it away, if possible.
2. Use strong passwords and MFA
If your password is ‘password’, ‘Password1’, ‘Password123’, etc. (you get the jist), it’s probably time to update it! Always consider strong and unique passwords which would be difficult to guess (e.g. the National Cyber Security Centre recommend picking three random words for passwords).
Where you have the option, always consider enabling multifactor authentication (MFA). Although it may be inconvenient waiting for your code to be text/emailed, this second layer of security is always a useful measure to implement.
3. Be aware of your surroundings
One to remember next time you want to do some work on your morning commute. It’s important to exercise caution when working out and about. Whether you’re on the phone or using a screen when people are around, sending a few extra emails is probably not worth the headache of potentially needing to deal with a security incident.
4. Be wary of suspicious emails
It’s always important to ensure you are cautious of suspicious emails. Sometimes it may just be an odd new request, but things like bad grammar, a need to act urgently, and requests for payment are typical signs something may not be real. It’s also worth checking email addresses carefully, e.g. a capital ‘i’ (I) looks near identical to a lower case L (l).
However, things like generative AI and spoofing technologies are enabling threat actors to become more sophisticated. A phishing email may not be as implausible as it once was or written with poor English. Equally, it could appear to come from the sender you know (see, for example, where deepfakes were used to convince someone to transfer $25 million on what they believed were the instructions of the CFO).
5. Install anti-virus and malware protection (and keep it up to date)
Whether in an office or working from home/away, you need to ensure your devices are secure. Anti-virus software is a useful tool to protect against malware which may be sent via phishing attacks.
6. Protect your device while it’s unattended
Whenever you are temporarily away from your desk, at least lock your screen. If you’re going to be away for longer, make sure your screens are in a secure place. An unlocked and unattended laptop in a cafe is a threat actor’s dream.
7. Make sure your Wi-Fi is secure
Even if you’re conscious of your surroundings and locked your screen as recommended while in a cafe, if you’re using the public Wi-Fi or an insecure connection you could still be risking personal data.
Always make sure you are using a secure connection when connecting to the internet, and if you use the cafe’s public network, it’s worth also using a secure virtual private network.
8. Limit access to those who need it
Not everyone in the business will need access to everything, so there should be access controls to ensure people can only see the data they need to. This also needs to be kept in mind where people leave the business or if they’re absent for a long period, as you’ll need to suspend their ability to access the systems.
9. Take care when sharing
Showing someone the wrong thing is hardly new, but it still happens. A lot. For example, you may be sharing your screen in a meeting and have tabs or documents which are confidential or include personal data open which can easily be accidentally shown. Equally, make sure notifications are turned off if you’re sharing a screen to avoid someone else sending something to you being seen by others.
If you’re emailing lots of people which could reveal sensitive information about recipients, consider alternatives to BCC’ing them, such as bulk email or mail merge services. It’s not uncommon for people to CC rather than BCC people, but in certain contexts this could reveal sensitive, if not special category, personal data (see for example, the charity which was fined by the ICO in 2020 when they CC’d 105 members of an HIV advisory board on an email which meant people could be identified). The ICO do also have guidance on sending bulk communications via email.
10. Don’t keep data for longer than you need it
Not only does this limit the amount of personal information which is at risk if you are subject to an attack or there is a breach, but it will also free up storage space and is likely cheaper!
11. Dispose of old IT equipment and records safely
When someone leaves the business, or they get new equipment, make sure there is no personal data on the devices (whether they are laptops, smartphones, or any device) before they are thrown away. For peace of mind, you may want to consider using deletion software or engaging a specialist to wipe any data.
Is cybersecurity a priority for your business?
The ICO is clear that “[m]ost small businesses hold personal information and conduct business digitally, so cyber security must be a priority“. Ian Hulme (Executive Director for Regulatory Supervision at the ICO) also added that “[w]hile cyber attacks can be very sophisticated, we find that many organisations are still neglecting the very foundations of cyber security“.
Of course, all types of organisations need to ensure their systems are resilient against complex attacks, and they are able to meet their security obligations under data protection law. However, it’s important to get the basics right too (we need to walk before we can run!).
Equally, no system is infallible and it’s not uncommon, for example, for cyber criminals to simply buy their way in by ‘paying off’ an employee. Things do go wrong, even for small businesses, so it’s important to think about what you will do when things go wrong, before they do. It may also be worthwhile considering obtaining insurance to cover the costs of a cyberattack (although you’ll still need to have a good standard of security in place to ensure you don’t void any such insurance).
If you’d like to discuss your security obligations or how best to mitigate the chance of and prepare for a cyberattack, or would like training for your organisation, please do reach out to your usual Lewis Silkin contact.
