Cyber resilience economic opportunity: key actions 2018-2021

The Cyber Resilience Economic Opportunity action plan sets out the key practical steps we and our partners will take to grow Scotland’s cyber security industry.

1 Executive Summary

1.1 It has never been more important to be cyber resilient. Digital technologies bring enormous opportunities for Scotland – but also new threats and vulnerabilities. The global cyber attack on 12 May 2017, which affected more than 150 countries worldwide and impacted negatively on the NHS in Scotland and England, underlined the seriousness of the cyber threat. The increasing focus on privacy and ethics, including legislative changes such as the new General Data Protection Regulation and the NIS Directive[1], reinforces the importance of ensuring cyber security for digital services that handle citizens' personal data, and the protection of our essential services and national infrastructure.

1.2 The National Cyber Resilience Leaders' Board (NCRLB) and the Scottish Government believe that Scotland can become a world-leading nation in cyber resilience. Scotland has the capability to develop and supply world-leading research, goods and services at a time where domestic and global demand for cyber resilience is increasing.

1.3 This plan refers to this growing capability as "a cyber cluster" – the emergence of a new cluster of economic activity that creates a critical mass of competitive success, based on our technological, business and academic capabilities in this field. In the past, the term "cluster" often referred to highly concentrated or collocated groups of businesses, researchers and supporting institutions-all focused on a single market opportunity. This plan applies a broader, more up-to-date, interpretation of the cluster concept, to recognise the fact that Scotland has the characteristics of a geographically concentrated space, even when activities are spread across the whole of Scotland.

1.4 The focus of this plan is on creating the right conditions for Scotland's cyber security supply-side cluster to grow and thrive. It sets out actions that the Scottish Government and key partners will take during 2018-21 to ensure Scotland takes full advantage of these economic growth opportunities. It has been produced by the NCRLB and its economic opportunity sub-group, working in partnership with the Scottish Government, Scottish Enterprise, and Highlands and Islands Enterprise, and with input from other partners including academia and the private sector.

1.5 The aims of this action plan are to develop:

  • the right market conditions to encourage and support the continued emergence of the cyber security business community in Scotland;
  • the right academic research capability and capacity to support and grow cyber security business innovation in Scotland;
  • the right cluster management arrangements to ensure the approach is coordinated and has impact;
  • the right supporting institutions to stimulate innovation and renewal within the cluster; and
  • the right brand to help promote Scotland's cyber security cluster in the UK and internationally, grow cluster exports and reflect Scotland's emerging position as the place to be for researching, developing and supplying cyber security goods and services.

This plan:

  • Describes the actions that are required to achieve these aims;
  • Assigns ownership of the actions to lead partners; and
  • Sets out high-level monitoring and evaluation proposals that will allow us to determine progress towards realising our ambition.

1.6 The cluster is complex and consists of many parts. As well as core supply-side companies and their supply chains, it includes academia, researchers and research groups, and various supporting institutions. It is subject to environmental factors such as skills availability, legislation and government support. To ensure it functions coherently, a coordinated approach is essential. Overall coordination of this action plan will be led by the Scottish Government, working in close partnership with its enterprise and skills agencies, the NCRLB, Scottish Development International, Scottish industry and academia, and other Scottish stakeholders. It will also require strong links both within the UK (including the National Cyber Security Centre (NCSC), the National Crime Agency (NCA) and the UK Government's Department for International Trade (DIT), and internationally.

1.7 This plan is focused on creating the right conditions to support supply-side cluster growth. As the cluster evolves, so the actions required to support growth may change. Therefore, we will regularly review the actions and their impact through a process of monitoring and evaluation.

1.8 This plan contributes to the broader ambition set out in our national strategy for Scotland to become fundamentally cyber resilient. The Scottish Government and the NCRLB have developed other, linked, action plans for the public, private and third sectors, and for learning and skills, to achieve this. The outcomes of these action plans together will be complementary and reinforcing.

1.9 This plan contributes to progressing the priorities set out in Scotland's Economic Strategy[2], including:

  • promoting inclusive growth;
  • fostering a culture of innovation and investment; and
  • promoting Scotland on the international stage to boost trade and investment, influence and networks.



Back to top