The UK government has announced a new cyber action plan to protect online public services and strengthen digital resilience across the public sector
Backed by more than £210 million, the cyber action plan is designed to ensure citizens can use digital services such as benefits applications, tax payments, and healthcare access safely and with confidence.
Published on 6 January 2026 by the Department for Science, Innovation and Technology, the cyber action plan sets out how the government will respond to a growing number of cyber threats targeting public services and critical infrastructure.
Trusting digital government
As more public services move online, the government believes strong cybersecurity is essential to maintaining public trust. Digital transformation is expected to reduce paperwork, shorten waiting times, and enable people to access services more easily without repeatedly sharing the same information across departments.
If implemented effectively, the wider use of digital technology could unlock up to £45 billion in productivity gains across the public sector. However, cyber attacks pose a serious risk to these ambitions, with the potential to disrupt essential services within minutes.
The new cyber action plan aims to address these risks by improving how cyber threats are identified, managed, and responded to across government.
New government cyber unit to lead response
A main feature of the cyber action plan is the creation of a new Government Cyber Unit. This unit will oversee cyber risk management and incident response across departments, helping to coordinate action on the most serious and complex threats.
The unit will focus on improving visibility into cyber risks, enabling the government to prioritise protection of the most critical services. It will also support faster incident response by ensuring departments have robust plans in place to address cyberattacks and recover quickly.
By taking a more joined-up approach, the government aims to tackle threats that individual organisations cannot manage on their own.
Raising cyber standards across the supply chain
The cyber action plan is being published alongside the progress of the Cyber Security and Resilience Bill, which is currently moving through Parliament. The bill sets clear expectations for organisations that provide services to government, including energy, water, healthcare, and data centre operators.
Improving cyber resilience across supply chains is seen as vital to protecting national infrastructure and preventing disruptions that could affect daily life, such as power outages or service shutdowns.
The plan also introduces clearer minimum standards and stronger accountability to ensure vulnerabilities are addressed promptly.
Software security
Recognising the growing threat from software supply chain attacks, the government is launching a new Software Security Ambassador Scheme. The scheme supports the voluntary Software Security Code of Practice, which encourages organisations to embed basic security measures throughout the software development process.
More than half of organisations reported experiencing software supply chain attacks in the past year, highlighting the scale of the challenge. Leading technology and financial firms will act as ambassadors, promoting best practices across industries and helping shape future policy.
