UK unveils £210 million plan to strengthen cyber security sector
Farah Amod
January 28, 2026
The government says the measures are designed to improve resilience across public services and critical infrastructure.
What happened
The UK government has announced a new Government Cyber Action Plan, backed by more than £210 million, to strengthen cybersecurity across government departments and the wider public sector. Reporting by BleepingComputer stated that the plan includes the creation of a dedicated Government Cyber Unit to coordinate risk management, oversee incident response, and enhance visibility of cyber threats affecting public services, such as healthcare, benefits, and tax systems.
Going deeper
The action plan sets out minimum security standards for government bodies and requires departments to maintain tested incident response capabilities. Officials said the new unit will centralise oversight of cyber risk across departments, allowing faster coordination during incidents. The strategy also introduces a Software Security Ambassador Scheme to promote secure development practices across the public sector supply chain. Several major technology and financial firms have committed to participating, with the goal of improving security maturity among vendors that support government systems.
What was said
Digital Government Minister Ian Murray said cyber incidents can disrupt key public services within minutes and that the plan is intended to raise baseline protections across government. He stated that the measures are designed to move faster against cybercrime while improving safeguards for citizens who rely on online public services. The government also said departments will be expected to meet clearer security expectations and demonstrate progress through improved reporting and oversight mechanisms.
In the know
The announcement comes as governments in multiple countries are rethinking how much responsibility they can leave to individual departments when it comes to cyber risk. In the U.S., lawmakers recently reintroduced legislation that would push healthcare and public-sector organizations toward mandatory encryption, multifactor authentication, and regular security audits after years of high-impact breaches. UK officials have taken a different route, focusing first on central coordination and baseline standards rather than new statutory penalties. Recent incidents affecting healthcare, benefits, and local authorities have reinforced concerns that weaknesses in one part of the public sector can quickly cascade across others if oversight remains siloed.
The big picture
Mike Maddison, CEO of NCC Group, said the government’s new Cyber Action Plan arrives as cyber threats continue to disrupt organizations delivering necessary public services. “Cyber threats are now a daily reality for organizations delivering vital public services,” Maddison said, pointing to a 50% increase in highly important incidents handled by the NCSC last year. He said it was encouraging to see the government act “decisively,” backed by £210 million of funding, to address long-standing challenges such as legacy systems, skills gaps, and unclear accountability.
Maddison said the effectiveness of the plan will depend on how progress is tracked and delivered. “To succeed, progress must be tracked against clear, measurable targets and supported by collaboration across the public and private sectors,” he said. While the plan is UK-focused, the same pressures are shaping policy debates in the U.S., where repeated breaches across healthcare and public infrastructure have prompted renewed calls for stronger baseline controls and clearer accountability. Maddison also referenced NCC Group’s role as a Software Security Ambassador, saying the company is “proud” to support the Software Security Code of Practice and “committed to promoting the Code’s principles and working closely with the Government to strengthen resilience across the UK’s critical services and supply chains.”
FAQs
What is the Government Cyber Action Plan?
It is a national initiative that sets minimum cybersecurity standards, improves risk visibility, and strengthens incident response across UK government departments.
What part will the Government Cyber Unit play?
The unit will coordinate cyber risk management, oversee response to major incidents, and support departments during security events.
Why is the public sector a priority for cyber investment?
Public services rely heavily on digital systems, and disruptions can affect healthcare delivery, benefits access, and infrastructure.
How does this relate to recent UK cyber legislation?
The funding supports the implementation of the Cyber Security and Resilience Bill, which expands protections for essential services and modernises earlier regulations.
Will private companies be affected by these changes?
Yes. Vendors that supply software or services to government departments may be expected to meet higher security standards and follow updated practices.
