How the UK Cyber Action Plan Secures Digital Public Services

Its a new year and new action plans are raring to go.

The UK government has kicked off 2026 with the launch of a £210m (US$284m) Cyber Action Plan to improve the resilience and security of digital public services. 

With the new scheme in place, the aim is to protect and secure online public service systems – from paying taxes and accessing healthcare to applying for benefits – the plan will ensure these services remain available even when targeted by cyber attacks.

Digital Government Minister Ian Murray says: "Cyber-attacks can take vital public services offline in minutes – disrupting our digital services and our very way of life.

"This plan sets a new bar to bolster the defences of our public sector, putting cyber-criminals on warning that we are going further and faster to protect the UK’s businesses and public services alike.

"This is how we keep people safe, services running and build a government the public can trust in the digital age."

Coordinated resilience across departments

The action plan introduces a Government Cyber Unit that will coordinate cyber defence across departments and the wider public sector. 

Such development of a cyber unit will improve visibility of cyber risks, speed up response times and take joint action on complex threats.

By providing clearer oversight of government systems, the unit enables better prioritisation of effort and resources. It also ensures consistent incident response procedures are in place, so departments can react quickly and limit disruption.

Not only does the plan support cyber risks but it also supports the government’s digital ambitions, which include putting more services online to reduce time spent on calls or paperwork.

Introducing a shift to the digital realm aims to create more joined-up services where users no longer have to repeat information across departments. The government estimates this could unlock up to £45bn ($US60.7bn) in productivity savings across the public sector.

However, the success of this shift depends on strong cybersecurity. Disruption caused by attacks can take critical services offline, reduce public confidence and put personal data at risk. The plan focuses on securing these systems so they remain trusted and available.

The Cyber Security and Resilience Bill, currently at its Second Reading in the House of Commons, outlines mandatory cyber resilience expectations for organisations delivering services to the government. This includes telecoms, healthcare, water, energy and data infrastructure. Ensuring strong supply chain protection is key to preventing wider disruption when attacks occur.

Telcos and tech firms back software security push

The action plan also includes a new Software Security Ambassador Scheme, created to prevent software supply chain attacks. These incidents occur when attackers exploit vulnerabilities in the software development process or delivery chains.

The scheme promotes the Software Security Code of Practice – a voluntary code encouraging developers to adopt secure coding principles and manage risks.

Government data shows 59% of organisations have experienced software supply chain attacks in the past year. These incidents can affect essential services that rely on third-party software, including systems in telecoms and utilities.

As part of the scheme, major firms including Cisco, Palo Alto Networks, Sage, Santander and NCC Group will serve as ambassadors. They will promote best practice, support wider adoption of the code and offer feedback to inform future policies.

Thomas Harvey, Chief Information Security Officer at Santander UK, says: "We are pleased to be an ambassador for the UK government’s Software Security Code of Practice and it reflects our broader commitment to collective resilience. 

“By advocating for these standards we’re not just protecting Santander and our customers, we are helping to build a more secure digital economy for everyone."

Setting new standards for public sector defence

The £210m (US$284m) investment provides departments with direct support, guidance and tools to meet baseline security standards. It also focuses on addressing vulnerabilities, improving response capability and minimising service disruption during attacks.

Cyber resilience now forms a core part of the government’s approach to digital transformation. Secure, reliable systems are critical to protecting citizens, supporting economic growth and ensuring long-term public trust in online services.

For telcos and digital service providers, the action plan reinforces the shared responsibility to keep infrastructure safe. Whether maintaining network uptime or securing the software stack, their role is central to the UK’s cyber defences.