The UK Government has announced a Cyber Unit as part of a Cyber Action Plan. Briefly, among proposals is £210m spend on the unit based in the Department for Science, Innovation and Technology (DSIT); and a Software Security Ambassador Scheme, to drive adoption of a voluntary Software Security Code of Practice.
Digital Government Minister at DSIT Ian Murray said: “Cyber-attacks can take vital public services offline in minutes – disrupting our digital services and our very way of life. This plan sets a new bar to bolster the defences of our public sector, putting cyber-criminals on warning that we are going further and faster to protect the UK’s businesses and public services alike. This is how we keep people safe, services running, and build a government the public can trust in the digital age.”
Here are comments by Ian Bowell, vCISO, Thrive.
The Government Cyber Action Plan is a welcome and practical initiative that puts resilience at the heart of modern public services. Resilience matters because public services now run on connected systems; from NHS appointments and 111 triage to Universal Credit, council services and transport networks
Modern public services rely on digital platforms that citizens use every day, including healthcare, benefits, tax, licensing, and local council services. By helping to keep these services up and running, therefore, the plan also plays a key role in building trust with citizens while limiting exposure to risk.
Establishing a dedicated Cyber Unit to coordinate risk management and incident response takes these benefits a step further, making it easier for organisations and departments across the public sector to share intelligence, apply consistent standards and act quickly and effectively when incidents occur, reducing disruption to essential services.
Recent attacks, like those on Kensington, Westminster and Hammersmith councils and on Barts Health NHS Trust show how a single vulnerability can ripple across supply chains and service providers. The focus on improving software and supplier security through the Software Security Code of Practice and the Ambassador Scheme is therefore timely. Encouraging secure development practices and greater accountability among vendors will strengthen collective defences and build confidence across the sector.
To ensure the success of the government’s plan, investment in skills, clear lines of responsibility, and well-tested response playbooks will be just as important as technology. Automation and AI can enhance detection, accelerate containment and improve visibility across complex environments, but it’s the people and process that remain at the heart of any effective defence.
Real progress will come from joining up security operations, infrastructure and automation, then measuring what improves over time. The focus now should be on translating the plan into repeatable day-to-day resilience across public sector organisations and their suppliers. Doing this will be critical in helping to ensure the resilience of public services.
