The UK government is investing £210 million to bolster cyber security across its public services, establishing a new central Cyber Unit to coordinate risk management and incident response. This comes after three Greater London borough councils experienced significant disruption following a cyber attack at the end of 2025.
Strengthening Defenses Against Rising Threats
The new plan aims to improve the UK’s cyber resilience and protect vital public services.
- The £210 million Cyber Action Plan will enhance IT security across the UK public sector.
- A central cyber Unit will coordinate responses to cyber incidents across government departments.
- The plan is part of a larger effort to save up to £45 billion by digitising Britain’s public services.
“We are taking a zero-tolerance approach to cyber attacks and will challenge head-on,” the government affirmed.
The initiative seeks to ensure citizens can confidently access online public services,from applying for benefits to managing taxes and healthcare. This aligns with a larger ambition to save up to £45 billion by digitising Britain’s public services.
“this plan sets a new bar to bolster the defences of our public sector,putting cyber criminals on warning that we are going further and faster to protect the UK’s businesses and public services alike,” said digital government minister Ian murray. “This is how we keep peopel safe, services running, and build a government the public can trust in the digital age,” he added.
The government intends for the cyber Action Plan to pinpoint digital risks, allowing focused efforts where they’re most critical. It will also facilitate stronger, centralised responses to complex cyber challenges that individual departments couldn’t tackle alone, and enable quicker reactions to evolving threats and faster recovery times after unavoidable incidents.
Boosting Security Through Legislation and Collaboration
The launch of the Cyber Action Plan coincides with the second reading of the Cyber Security and Resilience Bill (CSRB) in the House of Commons on 6 january 2026.
The measures within the CSRB have been extensively detailed over the past year through consultations and debates before its introduction to Parliament.
At its core, the bill reforms and enhances the Network and Information Systems (NIS) Regulations of 2018, aiming to strengthen Britain’s defences against cyber attacks and safeguard essential services like electricity and utilities.
Significantly, the bill designates key parts of the IT industry – including datacentre operators and larger managed service providers (MSPs) – as essential services subject to regulation by Ofcom and the Information Commissioner’s Office.
Alongside this legislative effort, the government is initiating a Software Security Ambassador Scheme to encourage adoption of the Software Security Code of Practice announced last year.
Government statistics reveal that over 59% of UK organisations have experienced disruption due to software supply chain attacks in the last 12 months. To address this, firms including Cisco, NCC Group, Palo Alto Networks, Sage and Santander have been invited to serve as ambassadors, championing the code, demonstrating its implementation, and providing feedback for future development.
