Government Cyber Action Plan

Chief Scientist of global cyber security at NCC Group said:

What is the Government Cyber Action Plan and why has it been revamped? 

“Backed by £210 million of funding, the Government Cyber Action Plan addresses long-standing challenges such as legacy systems, skills gaps and unclear accountability. It’s a timely and necessary step to protect vital online public services and as part of the UK’s Roadmap for a modern digital Government, it is also a response to the growing scale and sophistication of cyber attacks. Last year, the NCSC handled 50% more ‘high-severity incidents’ so the urgency of the situation could not be clearer.” 

Which organisations does it cover?  

“The Government Cyber Action Plan applies primarily to central government departments and the wider public sector. This includes arm’s-length bodies, where strong cyber security is integral to the resilience of the essential services they deliver. The plan places clear accountability on public sector leaders to manage cyber risk, while ensuring it is a core operational issue organisation-wide.” 

“While the plan is focused on government, it also has important implications for organisations across the public sector ecosystem. As the engine of modern organisations, supply chains are complex and layered, creating multiple penetration points for cyber criminals to breach different systems and organisations, with a risk that multiplies with every layer. The plan sets out clear expectations for how public sector organisations engage with suppliers - including good procurement practices, contractual security and resilience terms which will help to safeguard government security.” 

How does it work alongside other UK cyber security regulation and guidance? 

“The Government Cyber Action Plan is designed to work in tandem with existing UK cyber security regulation and guidance, including frameworks developed by the NCSC and initiatives such as the Software Security Code of Practice. Rather than introducing disconnected requirements, the plan strengthens alignment across government by reinforcing the importance of strong cyber fundamentals, clear ownership of risk and measurable progress. This ultimately creates a more coherent and practical approach to cyber resilience across the public sector and its partners.” 

How does it impact UK businesses? 

“Although the Government Cyber Action Plan is centred on public services, its impact extends well beyond government. By raising expectations around cyber resilience, accountability and supply chain security, it directly affects UK businesses that support the public sector. The plan reinforces that cyber security underpins the delivery of trusted services and a resilient digital economy, and that organisations supplying government must demonstrate robust and measurable cyber practices. 

“The wider UK business landscape is also evolving, with the Cyber Security and Resilience Bill currently going through Parliament. This is an essential piece of legislation that brings the cyber rules governing critical infrastructure in line with modern threats, economic realities and technological developments, while maintaining crucial flexibility to keep pace with the ever-changing cyber landscape. 

What should those impacted be doing in response? 

“Organisations impacted by the Government Cyber Action Plan should act now to strengthen core cyber resilience and address long-standing weaknesses, particularly in legacy systems and skills. To succeed, organisations must track progress against clear, measurable targets and collaborate across the public and private sectors, to harness the UK’s world-leading cyber expertise.  

“As a long-standing partner to the UK Government, NCC Group is proud to be a Software Security Ambassador. By helping the public sector align with recognised frameworks and adopt secure-by-design principles, we’re strengthening resilience across the UK’s critical services and supply chains. Collaboration between public sector organisations, their software and goods suppliers and with cyber experts will build lasting resilience in the face of evolving threats.”