Publication - Strategy/plan

Cyber resilience: private sector action plan 2018-2020

Published: 25 Jun 2018
Safer Communities Directorate
Part of:
Business, industry and innovation

Plan to develop a common, aligned approach to cyber resilience across the private sector in Scotland, so that all sections of society and business benefit from being digitally safe and secure.

52 page PDF

940.0 kB

52 page PDF

940.0 kB

Cyber resilience: private sector action plan 2018-2020

52 page PDF

940.0 kB






5 See:



8 Businesses with fewer than 10 employees and sole traders – see:


10 Ibid.

11 The Cyber Essentials scheme offers a mechanism, endorsed by the National Cyber Security Centre, for organisations to demonstrate to customers, investors, insurers and others that they have adopted five critical network controls to guard against the most common forms of cyber-attack. taken essential precautions. See: for further details.

12 A list of certifying bodies operating in Scotland is available at the SBRC website:

13 See:


15 Available at

16 In line with Article 1 (7) of the Directive, the banking and financial market infrastructures sectors within scope of the Directive will be exempt from aspects of the Directive where provisions at least equivalent to those specified in the Directive will already exist by the time the Directive comes into force. Firms and financial market infrastructure within these sectors must continue to adhere to requirements and standards as set by the Bank of England and/or the Financial Conduct Authority.

17 Some operators in this area will already be subject to the new NIS requirements.

18 See:

19 See:

20 See:

21 See, e.g. the Global Cyber Alliance’s free DMARC and Protected DNS (Quad 9) services:

22 Proportionate to the size and resources of the member company.

23 This may, for example, take the form of guidance on “Supplying Scotland’s [Finance/Energy/ Pharmaceutical] Sector: Common Core Cyber Resilience Requirements” or “Supplying Scotland’s larger companies: Common Core Cyber Resilience Requirements”.