Brian Sims
Editor
NEW MEASURES will be introduced by the Government to make online public services more secure and resilient such that individuals can use them with confidence whether applying for benefits, paying taxes or accessing healthcare.
Backed by over £210 million, the Government Cyber Action Plan sets out how Government will rise to meet the growing range of online threats. Driven by a new Government Cyber Unit, the Cyber Action Plan will “rapidly improve” cyber defences and digital resilience across Government departments and the wider public sector.
The move underpins the Government’s plans to digitise public services. This will make more services accessible online, reduce time spent on phone queues and paperwork and enable citizens to access support without repeating information across multiple departments. This approach could unlock up to £45 billion in productivity savings by using technology effectively across the public sector.
However, realising these benefits depends on trust. As services move online, they must be secure and resilient. Cyber attacks can take vital public services offline in minutes, disrupting lives and undermining confidence. The new Cyber Action Plan, itself released as the Cyber Security and Resilience Bill has its Second Reading in the House of Commons, addresses this challenge head-on.
Visibility of risks
The Government Cyber Action Plan will lead to:
* clearer visibility of risks: shining a light on cyber and digital resilience risks across Government so that efforts can be focused where this matters most
* stronger central action on the toughest challenges: taking decisive and joined-up action across departments on severe and complex risks that no single organisation can solve alone with a dedicated team overseeing co-ordination
* faster response to threats and incidents: reacting quickly to fast-moving cyber threats and vulnerabilities in order to minimise harm and speed up recovery by requiring departments to have robust incident response arrangements in place
* higher resilience across Government: boosting resilience at scale, with targeted measures designed to close major gaps and protect critical services
Setting a new bar
Digital Government Minister Ian Murray explained: “Cyber attacks can take vital public services offline in minutes, in turn disrupting our digital services and our very way of life. This Cyber Action Plan sets a new bar to bolster the defences of our public sector, putting cyber criminals on warning that we are going further and faster to protect the UK’s businesses and public services.”
Murray added: “This is how we keep people safe, make sure that services are running and build a Government the public can trust in the digital age.”
The Government Cyber Action Plan is also bolstered by additional steps designed to take the UK’s cyber defences further and faster. A new Software Security Ambassador Scheme will now help drive adoption of the Software Security Code of Practice: a voluntary project designed to reduce software supply chain attacks and disruption.
Software underpins the economy as a core component of all technologies upon which businesses rely, yet weaknesses in software can cause severe disruption to supply chains and the essential services members of the public use every day, with more than half (59%) of organisations experiencing software supply chain attacks in the past year.
These issues can be addressed by embedding basic software security practices across the software market. Among others, Cisco, Palo Alto Networks, Sage, Santander and the NCC Group will come on board as the scheme’s ambassadors, championing the Code across sectors, showcasing practical implementation and providing feedback to inform future policy improvements.
Risk remains high
Cyber risk to the public sector remains high. The Cyber Action Plan responds with £210 million to spark a step change in public sector cyber defences, holding organisations to account for fixing vulnerabilities. This includes setting clear minimum standards and investing in more hands-on support to minimise the impact when incidents do occur.
Cyber resilience is central to the Government’s mission of national renewal. Secure and reliable digital public services help to protect citizens, support growth and deliver better value for taxpayers, while in parallel maintaining trust in the services communities rely on every day.
Thomas Harvey, Chief Information Security Officer at Santander UK, explained: “We are pleased to be an ambassador for the Government’s Software Security Code of Practice, which reflects our broader commitment to collective resilience. By advocating for these standards, we’re not just protecting Santander and our customers, but also helping to build a more secure digital economy for everyone.”
Sector feedback
Andy Ward, senior vice-president for international business at Absolute Security, observed: “Our research highlights that 59% of Chief Information Security Officers already view cyber as the single biggest threat facing the UK right now, above Artificial Intelligence and other risks. This is reinforced by the National Cyber Security Centre reporting a 50% rise in highly significant attacks over the past 12 months.”
Ward went on to state: “Last year, we saw how high‑level cyber attacks can cause costly operational downtime when defences are not strong enough to withstand disruption. This year, resilience should continue to be front and centre. Every organisation needs true cyber resilience at the heart of its operations, enabling companies to identify threats, manage disruption effectively and return to full service with minimal delay.”
Sawan Joshi, Group director of information security at the FDM Group, observed: “According to the National Cyber Security Centre, the UK is now experiencing four ‘nationally significant’ cyber-attacks every week. In this escalating threat landscape, it is essential that both Government and business take action to withstand rising risks.”
Joshi concluded: “These new measures to ensure public services are more secure must be seen as vital. However, true cyber resilience also depends on prioritising continuous training and sustained investment in developing the next generation of cyber talent.”
Judging cyber effectiveness
Findlay Whitelaw, cyber security strategist and researcher at Exabeam, commented: “The new Government Cyber Action Plan is a much-needed step forward, reinforcing the long-held industry view that voluntary frameworks and advisory models alone are not enough to produce measurable security outcomes.”
Whitelaw continued: “This move from the Government feels less like a policy change and more like a shift towards how cyber effectiveness will be judged. The focus is no longer just on stronger standards or tighter supplier obligations, but also on how quickly risk is identified, prioritised and contained when things don’t go to plan.”
Further, Whitelaw observed: “Currently, technical debt and supply chain exposure amplify security challenges within the public sector. Legacy infrastructure causes systemic weaknesses and many major security incidents are inherited through vendors, Managed Service Providers and service providers rather than originating from direct attacks. As a result, the security challenge increasingly shifts from prevention alone to the ability to detect and respond to risk as it propagates across organisational and supplier boundaries.”
In conclusion, Whitelaw noted: “Overcoming these hurdles and ensuring a secure future for the wider public sector requires less reliance on high-volume, alert-driven security operations and more emphasis on prioritising risk based on entities, behaviour and context. Advances in automation and Artificial Intelligence can cut through manual triage, stitch context and enable smarter and faster decisions. This approach shifts the focus from simply having controls in place to demonstrating their effectiveness at speed and scale under real operational conditions, not just on paper.”
Systemic risk
Matt Cooke, director of cyber security strategy at Proofpoint, explained: “The Government cites 59% of organisations experiencing software supply chain attacks in the past year, but for the public sector, this represents a systemic risk to the delivery of essential services. We are seeing a shift whereby advanced persistent threat groups and cyber criminals are increasingly targeting the interconnectedness of Government by using vulnerabilities in the vendor ecosystem to bypass traditional perimeters and gain a foothold in sensitive national networks.”
Cooke continued: “The challenge is that modern Government services rely on a complex web of third party cloud services and collaboration platforms. This distributed supply chain has expanded the human attack surface exponentially. Attackers are leveraging this trust by using sophisticated credential theft and account takeover techniques to move laterally from a supplier directly into the heart of Government departments.”
In addition, Cooke observed: “While centralised incident response through the Government Cyber Unit is a positive step, the focus must shift towards proactive supply chain integrity. Protecting digitised public services requires a move away from legacy thinking. We must secure the individuals who manage these systems and ensure that any link in the supply chain, no matter how small, cannot become a single point of failure for our national digital infrastructure.”
Western Business Media Limited
Dorset House
64 High Street
East Grinstead
RH19 3DE
UNITED KINGDOM