The UK Government has unveiled a £210 million cyber action plan to secure online public services and protect people’s data as more services move online.
The plan aims to strengthen defences across departments, respond faster to cyber attacks, and support digitisation that could save up to £45 billion in productivity savings while cutting queues and paperwork.
Driven by a new Government Cyber Unit, the plan will rapidly improve cyber defences and digital resilience across government departments and the wider public sector, so people can trust that their data and services are protected.
It underpins UK Government plans to digitise public services. This will make more services accessible online, reduce time spent on phone queues and paperwork, and enable citizens to access support without repeating information across multiple departments. This approach could unlock up to £45 billion (note) in productivity savings by using technology effectively across the public sector.
Released as the Cyber Security and Resilience Bill has its Second Reading in the House of Commons, the Bill sets out clear expectations for firms providing services to the government to boost their cyber resilience. From energy and water suppliers to healthcare and data centres, strong defences throughout supply chains will help keep the water running and the lights burning - facing down the cyber attackers who want to grind our country to a halt.
The plan aims to foster clearer visibility into risks and stronger cross-departmental collaboration on severe and complex risks.
It will also drive a faster response to threats and incidents, and an overall higher resilience across government, with targeted measures to close major gaps and protect critical services.
Digital Government Minister Ian Murray said:
“Cyber-attacks can take vital public services offline in minutes – disrupting our digital services and our very way of life. This plan sets a new bar to bolster the defences of our public sector, putting cyber-criminals on warning that we are going further and faster to protect the UK’s businesses and public services alike.
This is how we keep people safe, services running, and build a government the public can trust in the digital age."
Further, a new Software Security Ambassador Scheme will now help drive adoption of the Software Security Code of Practice, a voluntary project designed to reduce software supply chain attacks and disruption.
Among others, Cisco, Palo Alto Networks, Sage, Santander and NCC Group will come on board as the scheme’s ambassadors, championing the Code across sectors, showcasing practical implementation, and providing feedback to inform future policy improvements.
Thomas Harvey, Chief Information Security Officer (CISO), Santander UK said:
"We are pleased to be an ambassador for the UK government’s Software Security Code of Practice and it reflects our broader commitment to collective resilience.
By advocating for these standards we’re not just protecting Santander and our customers, we are helping to build a more secure digital economy for everyone."
According to Jason Soroko, Senior Fellow at Sectigo, 2025 was “brutal” for cyber defence. He believes 2026 will be worse.
“Attackers are now deploying AI at a speed defenders simply haven’t matched. It’s an asymmetry that widens by the month.”
Soroko argues that many organisations are still failing at the basics.
“Defenders have been slow to adopt stronger authentication — it’s like refusing to put better locks on the doors. Attackers take full advantage of that.”
While passwordless systems are increasingly critical, he warns that passkeys remain difficult to deploy in centralised enterprise environments, leaving “gaps everywhere.”
The result, he says, is a familiar but accelerating pattern: ransomware payouts continue to rise, attack surfaces keep expanding, and security teams struggle to keep pace.
“Without coordinated collaboration between vendors, the curve bends in the wrong direction.”
Looking ahead, Soroko predicts a turning point that the industry won’t welcome.
“2026 will mark the first publicly acknowledged Fortune 500 material breach caused by prompt injection.”
As organisations rush to deploy LLM-integrated systems, he warns that many will do so without adequate safeguards.
“Adversaries will learn how to coerce those models into executing harmful internal commands or leaking sensitive data. The industry still treats prompt injection like a clever party trick rather than a real security class. It’s not.”
Critically, attackers won’t need to compromise the model itself.
“Even without ‘attacking the model,’ they can weaponise its instructions — and organisations aren’t ready for that.” To counter this, he argues, defensive thinking will need to evolve quickly.
“Model-signing and treating small models like firmware will emerge as essential controls. Anything less leaves enterprises dangerously exposed.”
Would you like to write the first comment?
Login to post comments