The UK government has announced a new Cyber Action Plan designed to protect the UK’s online public services after a year of high-impact cyber attacks against major British companies.
At the centre of this plan is the creation of a new Government Cyber Unit, designed to help tackle cyber threats quickly in the public sector, alongside a Software Security Ambassador Scheme designed to improve the security of software used across the country.
Backed by a huge £210 million in funding, the plan is a sign that the government is taking cyber security seriously, especially as it plans to digitise even more services in the coming years.
A Response To A Growing Number Of Attacks
The announcement comes after a year of big cyber attacks on UK businesses.
Companies like Jaguar Land Rover, Marks & Spencer and The Co-op all suffered huge blows in 2025. A technology company linked to the NHS also reported their own cyber attack, with many questioning whether the UK’s public sector is well enough protected.
And whilst cyberattacks can be highly inconvenient, they can also be incredibly costly. In fact, research published by the government last year estimated that the average cost of a big cyber attack on a UK business is around £195,000. When you think about that on a national level, cyber attacks are estimated to cost the UK £14.7 billion per year, which is around 0.5% of GDP.
And whilst big company attacks usually make headlines, it’s the smaller businesses that end up being affected the most. £195,000 is a huge blow to an SME, and finding and employing the right people to respond when attacks do happen can be difficult.
With this in mind, the government’s plan is about having systems set up in a way to prevent cyber attacks before they can do any real harm.
What The New Government Cyber Unit Will Do
At their heart of their plan is the Government Cyber Unit, which will sit within the Department for Science, Innovation and Technology and be led by the Government Chief Information Security Officer.
Instead of having departments manage cyber risks on their own, the unit is designed to service every department across the government – protecting the systems as a whole.
According to the government, this will allow mean the unit is able to tackle cyber attacks that no department could stop on its own.
Departments will also be asked to have their own response protocols in place, allowing them to act faster and minimise disruption.
More from Cybersecurity
- Cyber Resilience: The New Hallmark Of Effective Leadership In The AI Age?
- Expert Predictions For Cybersecurity In 2026
- INE Security Expands Across Middle East And Asia To Accelerate Cybersecurity Upskilling
- Link11 Identifies Five Cybersecurity Trends Set To Shape European Defence Strategies In 2026
- IT Support Roles On The Rise In London
- SpyCloud Data Shows Corporate Users 3x More Likely To Be Targeted By Phishing Than By Malware
- INE Expands Cross-Skilling Innovations
- Seraphic Becomes The First And Only Secure Enterprise Browser Solution to Protect Electron-Based Applications
Ian Murray, Minister of State for Digital Government and Data, said cyber attacks can take public services offline in minutes, which is a huge problem for the millions of people relying on them.
“This plan sets a new bar to bolster the defences of our public sector, putting cyber criminals on warning that we are going further and faster to protect the UK’s businesses and public services alike,” he said.
Why Investing In Public Sector Cyber Resilience Is Important
Over the past few years, the government have made it clear that they want to continue making public services more digital. This not only helps with admin, but can give people faster access to services they need.
The problem? Having so much online makes public data vulnerable to cyberattacks, and if people know that their data isn’t secure, then they won’t use the services available.
To help combat this, The Cyber Action Plan is designed to make government systems more resilient, helping to build trust in public services.
Software Security Ambassador Scheme Launches
As well as the new Cyber Unit, the government has also announced the launch of a Software Security Ambassador Scheme.
The scheme is designed to drive the Software Security Code of Practice, a project introduced in 2025 to help reduce software supply chain attacks.
The ambassador scheme brings together big names in cyber security, including Cisco, Palo Alto Networks, Sage, Santander and NCC Group. These companies will share best practice and show the importance of cyber resilience.
Thomas Harvey, Chief Information Security Officer at Santander UK, said “By advocating for these standards we’re not just protecting Santander and our customers, we are helping to build a more secure digital economy for everyone,”
But Is £210 Million Enough?
The Cyber Action Plan has been praised by cyber security companies and sector leaders, especially when it comes to building resilience across all government layers.
However, some have questioned whether the £210 million budget is enough given how much work actually needs to be done.
Ade Taylor, Head of Security Services, Roc Technologies commented “The ambition behind the UK’s Cyber Action Plan to include the launch of a new Cyber Unit to bolster defences against cyber threats is welcome. Yet, the reported £210m funding feels modest against the scale of recent critical national infrastructure incidents, where costs can quickly run into the billions, and adversaries are persistent and well resourced.
“However, a new initiative to coordinate public sector responses should help to strengthen coordination, and the timing is certainly hard to argue with.”
The Future Of Cyber Security In The UK
Cyber security is still a huge cost to the UK economy and the businesses that drive it, affecting companies of every size.
The launch of the Government Cyber Unit and the Software Security Ambassador Scheme is a step in the right direction when it comes to building resilience in the UK. But is the budget enough? And will this be enough to build trust in an increasingly digital UK public sector? Only time will tell.
