The public services we rely on for the good functioning of society are increasingly performed, managed, and accessed digitally. From the highest-security communications to the most everyday tasks, from MI6 to the local benefits office, national and local government operates on digital infrastructure. And that means the threat of cyberattack is no abstract, futuristic concept – it’s a very real, very present danger for all levels of UK society, says Vimal Raj Sampathkumar, Technical Head at the IT analytics and security product firm ManageEngine.
The classic, oft-cited examples are the damage that could be done by cyberattacks affecting the power grid or NHS hospitals – and recently reported incidents have shown the remarkable chaos a knocked-out air traffic control system can bring. The British Library (pictured) is still suffering the after-effects of a ransomware attack in 2023. But the vulnerability goes beyond these headline-grabbing targets with cyber threats capable of disrupting critical infrastructure and public services.
As digitisation has scaled the attack vector for cybercriminals and state actors has increased exponentially. Legacy systems, limited budgets and fragmented ownership of risk across the public sector have created a level of exposure that could easily compromise public trust in the UK’s core infrastructure.
Now, in a much-needed acknowledgement of how exposed these critical public services have become to attackers, the government has shared new proposals for a Cyber Action Plan. The plan is designed to help boost cyber resilience in public services. The intervention is timely, given the ongoing inquiry after the UK Government was hacked by alleged Chinese action in October 2025. Foreign office data was compromised in the breach, and though no further details have been released, it’s a clear example of the high stakes involved in building resilient, effective public sector defences.
Command and control
The Cyber Action Plan places a new Government Cyber Unit at the centre of a government-wide approach to cybersecurity. This move along with the scale of investment, reflects a shift toward coordinated risk-led defence, which is undoubtedly significant. Centrally coordinated oversight can help close gaps and maintain a more robust line of defence against attacks, stopping them early before they unravel.
The emphasis on supply chain resilience is especially important. Attackers know that public services rely on a complex web of third-party cloud services, software vendors, and managed service providers (MSPs), all of which can provide weaker points of entry than the eventual target’s ‘front door’. Raising minimum standards for all these suppliers will reduce the likelihood that a single weak link can disrupt essential services and better protect public data.
Supply chain organisations need to act decisively to de-risk their operations. For example, they can review their application source code to identify weaknesses that could enable threats such as SQL injection or cross-site scripting. It’s also worth adopting defensive measures by carrying out penetration testing, running regular vulnerability scans, and deploying honeypots and honeytokens to mislead attackers and observe their methods.
The human element is also an important factor for cybersecurity risk, supporting and educating employees to remain alert to emerging cyber risks and consistently apply best practices will help secure operations and strengthen defences.
Central controllers also need to ensure suppliers are kept up to date with the latest releases of their IT systems and are required to apply them to any and all applications they use for public sector service. For cloud-based offerings, it’s important to deploy cloud access security broker (CASB) controls, encrypt data both in transit and at rest, and secure all communication channels between front-facing environments and the data centre.
Shining light into the blind spot
The Cyber Action Plan’s proposed investment and policy shift – while welcome – needs to go further to address the scale of the problem. Investment alone isn’t enough: the Government also needs to attract qualified talent and train staff in cybersecurity best practice.
The cyber skills shortage is well-documented, and the public sector isn’t exempt from the challenges facing businesses. As the digital landscape expands and cyber threats grow more complex, the available pool of qualified staff to direct the response is struggling to meet demand. As the Cyber Action Plan is rolled out, this critical element needs to be addressed with increased investment in education, from the earliest stages through to in-career training.
Cybercrime and nation-state actions pose a very real threat to the UK’s public sector. This new policy set points in a promising direction – with the right approach and skills in place, the UK’s defences can be shored up against the rising tide.
