A new Cyber Unit to coordinate responses to cyber threats across the public sector and an ambassador scheme to help encourage secure software development have been announced as part of the UK government’s new Cyber Action plan.
Designed to make online public services more resilient against disruption from cyber-attacks, the measures come following a range of high-profile incidents against UK organizations during 2025 – including Jaguar Land Rover, Marks & Spencer and The Co-op.
Meanwhile, a technology supplier to the National Health Service (NHS) recently confirmed that it was hit by a cyber-attack.
£210m ($285m) is being made available for the Government Cyber Action Plan, with the aim of improving minimum cybersecurity standards and providing what’s described as “more hands-on support” to minimize the impact of cyber incidents when they do happen.
Central to this is the newly announced Government Cyber Unit – part of the Department for Science, Innovation and Technology and led by the Government Chief Information Security Officer - to coordinate risk management and incident response across departments.
The idea is that this will allow stronger actions to be taken against cybersecurity challenges facing the public sector, with joined-up action across departments on risks and incidents that it would be difficult for a single organization to solve alone.
It’s also hoped that the Government Cyber Unit will allow for a faster response to threats and incidents, minimizing the potential for harm and disruption to digital public sector services and by requiring departments to have robust incident response arrangements in place.
“Cyber-attacks can take vital public services offline in minutes – disrupting our digital services and our very way of life,” said Ian Murray, Minister of State for Digital Government and Data.
“This plan sets a new bar to bolster the defences of our public sector, putting cyber-criminals on warning that we are going further and faster to protect the UK’s businesses and public services alike.”
Software Security Ambassador Scheme Launched
In addition to the new Cyber Unit, the government has announced a new Software Security Ambassador Scheme, with the aim of it helping to drive the Software Security Code of Practice – a project introduced in 2025 designed to reduce software supply chain attacks and disruption.
While the Code of Practice is voluntary scheme, it aims to highlight how weaknesses in software can cause severe disruption to supply chains and digital services – and how embedding basic software security practices across the software market can help protect against software supply chain attacks.
Ambassadors who have already joined the scheme include representatives from Cisco, Palo Alto Networks, Sage, Santander and NCC Group.
“We are pleased to be an ambassador for the UK government’s Software Security Code of Practice and it reflects our broader commitment to collective resilience,” said Thomas Harvey, CISO at Santander UK
“By advocating for these standards we’re not just protecting Santander and our customers, we are helping to build a more secure digital economy for everyone.”
Plan Welcome but Concerns Arise Over Impact
The plan has broadly been welcomed by cybersecurity leaders – although there concerns that the budget of £210m isn’t enough to have a significant impact.
“It’s encouraging to see increased investment across government and the public sector, especially the focus on resilience, visibility, and reducing risk through the new cyber unit,” said Trevor Dearing, director of critical infrastructure at Illumio.
“But £210 million is nowhere near enough to address the scale of the problem.”