Public, private and third sector cyber resilience

The importance of cyber resilience across Scotland's public, private and third sectors has never been greater. Digital technologies bring enormous opportunities for organisations, but they also bring new threats and vulnerabilities that we must manage.

We are working with partners to develop and implement action plans to enhance fundamental levels of cyber resilience in our public, private and third sectors.

Public sector action plan 2017 to 2018

We published the public sector action plan in November 2017. It was developed with the National Cyber Resilience Leaders Board and the National Cyber Security Centre. The plan aims to ensure that Scotland's public bodies have in place a common baseline of good cyber resilience practice, and are working towards becoming exemplars of cyber resilience. This is vital to ensuring our digital public services are safe and secure.

We have also provided an implementation toolkit to help public bodies understand how to implement with action plan.

We are working with the Public Sector Cyber Catalysts and the wider public sector to share knowledge and learning around public sector cyber resilience to identify common solutions to common problems.

Private sector and third sector action plans

We published the private sector action plan and third sector action plan in June 2018. They were developed with the National Cyber Resilience Leaders Board and the National Cyber Security Centre alongside key partners in Scotland's private and third sectors.

The action plans set out a detailed programme of work in partnership with Scotland's private and third sectors to help raise fundamental levels of cyber resilience. They have a particular focus on supporting our small and medium sized businesses and charities to understand the cyber threat and how to address it.

We have established private and third sector cyber catalyst working groups to share knowledge and learning across leading private sector organisations, and to identify practical solutions to key issues.

The Scottish Cyber Coordination Centre

The Scottish Cyber Coordination Centre (SC3) is Scotland’s central authoritative and collaborative function to combat the accelerating threat of cyber incidents in Scotland.

The SC3 is a multi-agency collaboration between Scottish Government, Police Scotland, the National Cyber Security Centre (NCSC) and key partners in the Health, Local Government and Education sectors. It coordinates the response to nationally significant cyber incidents, particularly those impacting the public sector.

The SC3 was launched by Scottish Ministers in February 2022. It is supported by a £1.5 million investment to establish SC3’s early capabilities.

SC3 has four key areas of work:

1. Incident and vulnerability management

Coordinating the response to significant cyber security incidents affecting Scotland and offering specialist support to victim organisations. The SC3 brings together a multi-agency group including Scottish Government, Police Scotland, and the National Cyber Security Centre to support victim organisations to recover.

2. Threat intelligence sharing

SC3 provides the focal point in Scotland for the analysis, assessment and dissemination of authoritative threat intelligence. SC3 shares threat intelligence with the Scottish public sector and others, including early warnings about critical software vulnerabilities which could be exploited to conduct a cyber attack. This helps the sector proactively defend their systems and networks.

To sign up for SC3’s threat intelligence reports please visit SC3 Threat Reports – Cyber Scotland or contact SC3@gov.scot.

3. Cyber exercising

SC3 helps public sector organisations prepare and test their incident response arrangements by sharing best practice and hosting training events.  

4. Cyber assurance

SC3 gauges the cyber security maturity of the Scottish public sector through an annual cyber security maturity survey. It is currently undertaking work on developing a cyber assurance framework for the public sector.  

Back to top