Cyber Security
. . . . . . . . . . . . . . 


Digital technology offers huge opportunities for Scotland as a modern, progressive nation.

Whether in the public, private or third sectors, our ability to inform and interact with citizens and consumers is being transformed by the digital world. Scottish public bodies, businesses and charities are developing ambitious plans to embrace these opportunities.

Trust and confidence are fundamental to the success of these plans. As the threat from cyber criminals and other hostile actors in cyberspace grows, we must do all we can to ensure our digital services are as secure as possible, and can recover quickly when cyber-attacks succeed.

The ambition of the Scottish Government and the National Cyber Resilience Leaders' Board is for Scotland to be a world leading nation in cyber resilience.

Scotland's cyber resilience strategy, Safe, Secure and Prosperous, provides an ambitious framework for action. Many organisations in Scotland's public, private and third sectors have already prioritised putting in place sound cyber security measures. But there is a need for further, concrete actions to help achieve its ambition.

The Programme for Government set out a commitment to develop a suite of action plans to help move Scotland as a whole towards greater cyber resilience. The overall aim of those action plans has been to develop a culture in which our nation's cyber resilience is, rightly, seen as everyone's business – from the smallest micro business or charity, to the largest, most complex public and private sector organisations.

The Public Sector Action Plan, developed jointly by the Scottish Government and the National Cyber Resilience Leaders' Board, represented an initial, significant step towards establishing that wider culture of cyber resilience in Scotland. While many Scottish public bodies already have sound standards of cyber security in place, the aim is for the Scottish public sector as a whole to become an exemplar in this field over time.


  • Increasing cyber resilience through raising awareness
  • Embeding cyber resilience in education and lifelong learning
  • Increasing cyber resilience among public sector employees
  • Developing the cyber security workforce and profession
  • Embeding a common approach to cyber resilience across the public sector
  • Ensuring clear and robust cyber Catalysts & the Cyber Resilience Framework
  • Benchmarking, monitoring, and evaluating third sector cyber resilience