The UK government has unveiled a £210m Cyber Action Plan to reinforce IT security resilience across the nation’s public services, with a new central Cyber Unit to be established to coordinate risk management and incident response across departments.
Westminster said that its new plan would “rapidly improve cyber defences across government departments and the wider public sector”. Cyber attacks can take vital services offline in a matter of seconds – as exemplified at the end of 2025 when three Greater London borough councils saw extensive disruption following an incident – “the new plan addresses this challenge head-on,” said the government.
Ultimately, it said, it wants to make sure ordinary people can use online public services with confidence, whether they are applying for benefits, paying taxes, or accessing healthcare services – this is part of a wider ambition to save up to £45bn by digitising Britain’s public services.
“This plan sets a new bar to bolster the defences of our public sector, putting cyber criminals on warning that we are going further and faster to protect the UK’s businesses and public services alike,” said digital government minister Ian Murray.
“This is how we keep people safe, services running, and build a government the public can trust in the digital age,” he added.
The government hopes the Cyber Action Plan will shine a light on digital risk across government and enable it to focus efforts where they are most needed; enable stronger, centralised action on the more severe and complex cyber challenges that departments and other government bodies could not possibly resolve on their own; and enable the government as a whole to both react quicker to ever-faster moving threats and minimise recovery times following inevitable incidents.
Security ambassadors
The launch of the new Cyber Action Plan accompanies the second reading of the Cyber Security and Resilience Bill (CSRB) in the House of Commons on 6 January 2026.
The measures in the CSRB have been detailed extensively in the past year as the legislation moved through various consultations and debates before being introduced to Parliament.
At its core, the bill reforms and enhances the now somewhat outdated Network and Information Systems (NIS) Regulations of 2018 to increase Britain’s defences against cyber attacks and protect the availability of vital services such as electricity and other utilities.
Notably, it also designates significant elements of the IT industry, such as datacentre operators and larger managed service providers (MSPs) as essential services subject to the bill’s provisions and to be regulated by Ofcom and the Information Commissioner’s Office respectively.
Alongside this, the government is also launching a Software Security Ambassador Scheme to help drive adoption of the Software Security Code of Practice announced last year.
With government statistics showing over 59% of UK organisations experienced some form of disruption following a software supply chain attack in the past 12 months, firms including Cisco, NCC Group, Palo Alto Networks, Sage and Santander have been invited to join as ambassadors to champion the code among their customers, showcase how to go about implementing it, and generating feedback to help inform future developments.