The UK government has unveiled a major new push to strengthen UK cybersecurity, committing more than £210m to protect public services as they move increasingly online.
The Government Cyber Action Plan, published today, sets out how ministers intend to defend essential systems against a rising tide of cyber threats while ensuring citizens can use digital services with confidence.
From paying taxes and applying for benefits to booking healthcare appointments, public services are being redesigned for the digital age.
The government believes this shift could unlock up to £45bn in productivity gains by cutting paperwork, reducing call centre backlogs, and allowing people to access support without repeatedly sharing the same information across departments. But those gains, officials acknowledge, depend on trust.
Speaking on the plan, Digital Government Minister Ian Murray said: “Cyber attacks can take vital public services offline in minutes – disrupting our digital services and our very way of life.
“This plan sets a new bar to bolster the defences of our public sector, putting cyber-criminals on notice that we are going further and faster to protect the UK’s businesses and public services alike.
“This is how we keep people safe, services running, and build a government the public can trust in the digital age.”
Building trust as services go digital
As more services migrate online, the risks grow alongside the rewards. Cyber attacks can disrupt vital systems within minutes, potentially cutting off access to healthcare, welfare payments, or other critical services.
The new plan puts resilience at the center of digital transformation, recognizing that UK cybersecurity must underpin every stage of reform if public confidence is to be maintained.
A newly established Government Cyber Unit will lead this effort, coordinating action across departments and the wider public sector.
Its role is to identify weaknesses, oversee responses to serious threats, and ensure that cyber defenses keep pace with the government’s digital ambitions.
Stronger oversight and faster responses
At the heart of the action plan is a drive to improve visibility of cyber risks across government. By developing a clearer picture of where systems are most vulnerable, resources can be directed to the areas that matter most.
The approach also signals a shift towards stronger central leadership on complex threats that individual organizations cannot manage alone.
Speed is another priority. Departments will be required to maintain robust incident response arrangements so they can react quickly to emerging threats and recover faster when attacks occur.
The aim is to minimize disruption to public services and limit the knock-on effects for citizens and businesses.
New legislation and supply chain security
The timing of the plan is significant. Its publication coincides with the second reading of the Cyber Security and Resilience Bill in the House of Commons.
The proposed legislation sets clearer expectations for companies that provide services to the government, from energy and water suppliers to healthcare providers and data centers.
By strengthening cyber resilience throughout public sector supply chains, the government hopes to reduce the risk that attacks on third parties could cascade into widespread service outages.
This focus reflects the reality that UK cybersecurity is only as strong as the weakest link in the system.
Tackling software vulnerabilities head-on
Alongside the action plan, ministers have announced a new Software Security Ambassador Scheme to promote better practices across the technology sector.
Software is a foundational element of the modern economy, yet weaknesses in software supply chains remain a major source of disruption. More than half of organizations reported experiencing a software supply chain attack in the past year.
The ambassador scheme will encourage the adoption of a voluntary Software Security Code of Practice, with major firms such as Cisco, Palo Alto Networks, Sage, Santander, and NCC Group championing its principles.
By embedding basic security measures across the market, the government hopes to reduce systemic risks that affect both public services and the wider economy.
A step change in UK cybersecurity
The £210m investment is intended to drive a step change in public sector cyber defenses.
It will support the introduction of clear minimum standards, increase hands-on support for organizations struggling with vulnerabilities, and strengthen accountability for fixing known weaknesses.
Taken together, the measures signal a more assertive approach to UK cybersecurity. As digital services become the default, the government is betting that stronger defenses, clearer standards, and closer coordination will ensure innovation does not come at the expense of security or public trust.
