£210m cyber action plan to protect digital public services
James
The government has announced a £210 million programme aimed at strengthening cyber resilience across central government and the wider public sector, as part of efforts to protect increasingly digital public services from growing online threats.
The Government Cyber Action Plan, published this week by the Department for Science, Innovation and Technology, sets out new measures designed to ensure that citizens can access essential services – from healthcare and benefits to tax payments – with greater confidence in their security and reliability.
Central to the plan is the creation of a new Government Cyber Unit, which will take a coordinating role across departments. The unit is intended to improve visibility of cyber and digital resilience risks, oversee incident response, and lead action on complex threats that cut across organisational boundaries. The government says this more joined-up approach will help address vulnerabilities more quickly and reduce the impact of cyber incidents when they occur.
The investment underpins the government’s broader digital transformation agenda, which aims to move more public services online, reduce administrative friction and avoid citizens having to repeatedly provide the same information to different departments. Ministers argue that effective use of technology across the public sector could unlock up to £45 billion in productivity savings, but acknowledge that these gains depend on maintaining public trust in digital systems.
The plan is being published alongside parliamentary scrutiny of the Cyber Security and Resilience Bill, which had its Second Reading in the House of Commons this week. The legislation is intended to set clearer expectations for organisations providing services to government, including those operating in critical sectors such as energy, water, healthcare and data infrastructure, to strengthen cyber resilience across supply chains.
The new funding is intended to support clearer minimum standards, more proactive risk management and increased hands-on support for public sector organisations. Departments will be required to have robust incident response arrangements in place, enabling faster reactions to emerging threats and quicker recovery from cyber attacks that could otherwise disrupt frontline services.
Speaking about the plan, Digital Government Minister Ian Murray MP said cyber attacks can take vital public services offline in minutes, undermining confidence in digital government. He said the measures were intended to “set a new bar” for public sector cyber defences and ensure services remain available and trustworthy as digitisation accelerates.
A further strand of the action plan focuses on software supply chain security. A new Software Security Ambassador Scheme will bring together major technology and security firms, including Cisco, Palo Alto Networks, Sage, Santander UK and NCC Group, to promote adoption of the Software Security Code of Practice.
