UK Government ministers have unveiled a new £210 million ‘cyber action plan’ to tackle threats and strengthen online public services.
New measures will be introduced to make online public services more secure and resilient, so people can use them with confidence – whether applying for benefits, paying taxes or accessing healthcare.
Driven by a new Government Cyber Unit, the plan will rapidly improve cyber defences and digital resilience across government departments and the wider public sector, so people can trust that their data and services are protected.
While cyber security – within the wider remit of national security – is a reserved matter, within Scotland, Wales and Northern Ireland, certain devolved public services are the responsibility of the respective governments.
Devolved governments will seek to ensure that the providers of public services for which they have oversight are resilient to cyber risks and will collaborate with UK Government on UK-wide cyber security and resilience issues.
The UK Government recommends that devolved governments support and align with the ambitions of the Government Cyber Action Plan.
The Scottish Government launched its own Strategic Framework for a Cyber Resilient Framework in November, with a package of measures designed to fortify schools, local authorities, NHS boards and other public bodies.
It underpins UK government plans to digitise public services. This will make more services accessible online, reduce time spent on phone queues and paperwork, and enable citizens to access support without repeating information across multiple departments. This approach could unlock up to an estimated £45 billion in productivity savings by using technology effectively across the public sector, according to government analysis.
Digital Government Minister Ian Murray said: “Cyber-attacks can take vital public services offline in minutes – disrupting our digital services and our very way of life.
“This plan sets a new bar to bolster the defences of our public sector, putting cyber-criminals on warning that we are going further and faster to protect the UK’s businesses and public services alike. This is how we keep people safe, services running, and build a government the public can trust in the digital age.”
The Cyber Security and Resilience Bill, currently going through parliament, will reform and add to the existing Network and Information Systems (NIS) Regulations 2018, to increase UK defences against cyber attacks, better protecting the services the public rely on to go about their normal lives – to switch on lights, turn on the tap to safe water, and know the NHS is there to support them. Data centres and managed IT service providers will also face tighter regulatory controls.
The Bill follows several high-profile cyber-attacks that have impacted the NHS, including in Scotland, where NHS Dumfries & Galloway was targeted by hackers in 2024.
The plan will lead to:
- clearer visibility of risks: shining a light on cyber and digital resilience risks across government, so we can focus efforts where it matters most
- stronger central action on the toughest challenges: taking decisive, joined-up action across departments on severe and complex risks that no single organisation can solve alone with a dedicated team overseeing coordination
- faster response to threats and incidents: reacting quickly to fast-moving cyber threats and vulnerabilities to minimise harm and speed up recovery by requiring departments to have robust incident response arrangements in place
- higher resilience across government: boosting resilience at scale, with targeted measures to close major gaps and protect critical services
A new Software Security Ambassador Scheme will also help drive adoption of the Software Security Code of Practice – a voluntary project designed to reduce software supply chain attacks and disruption.
Among others, Cisco, Palo Alto Networks, Sage, Santander and NCC Group will come on board as the scheme’s ambassadors, championing the Code across sectors, showcasing practical implementation, and providing feedback to inform future policy improvements.
Thomas Harvey, Chief Information Security Officer (CISO), Santander UK said: “We are pleased to be an ambassador for the UK government’s Software Security Code of Practice and it reflects our broader commitment to collective resilience. By advocating for these standards we’re not just protecting Santander and our customers, we are helping to build a more secure digital economy for everyone.”