Digital strategy for Scotland: sustainable digital public services - delivery plan 2025-2028

6. Cyber Resilient Services

Scotland’s increasing reliance on digital technologies has brought significant benefits to public service delivery, but it has also expanded the cyber threat landscape. Emerging technologies, geopolitical tensions and the rise of ransomware and cyber-crime-as-a-service have made attacks more frequent and complex. Public services, including Local Government, face growing risks to data, infrastructure and continuity, requiring a more coordinated and proactive approach to cyber resilience.

The refreshed Strategic Framework for a Cyber Resilient Scotland sets out a national approach to strengthening cyber resilience across public services. Local Government is a key focus, with the framework emphasising the need for secure-by-design systems, improved incident response coordination, and stronger leadership on cyber risk. Recent attacks on councils and public infrastructure highlight the urgency of embedding cyber resilience into service delivery and governance to protect communities and maintain trust.

Summary of deliverables 2025-2028

To be delivered jointly

6.1 Regular cyber security exercising across the public sector technology landscape

6.2 Delivery of the ‘Strategic Framework for a Cyber Resilient Scotland 2025-2030’

To be delivered by the Scottish Government

6.3 Enhanced cyber security coordination and service delivery

6.4 Development of a Cyber Observatory to provide a clearer picture of cyber maturity across the public sector

To be delivered by Local Government

6.5 Engage and progress the priorities from the ‘Strategic Framework for a Cyber Resilient Scotland 2025-2030’

6. Cyber Resilient Services: deliverables

Joint Deliverables

6.1 Regular cyber security exercising across the public sector technology landscape

By 2028, the Scottish Government will have expanded existing exercising services, including tools and training programmes, to enable all Local Authorities to regularly undertake valuable and actionable incident response exercises. These exercises will test and validate organisational and operational response processes against a wide range of potential incidents.

Beyond the Scottish Government’s existing cyber exercising cadre, as we work to deliver this you can expect to see an increase in the frequency and range of exercises being undertaken both by Local Authorities individually, and as facilitated events led by the Scottish Government and the Digital Office for Scottish Local Government.

6.2 Delivery of the ‘Strategic Framework for a Cyber Resilient Scotland’

By 2028, the Scottish Government in collaboration with Local Government will have developed and implemented sector-specific action plans that strengthen cyber resilience across public services in support of the Strategic Framework. These plans will be reviewed regularly to ensure they remain responsive to emerging threats and aligned with national priorities.

As we work to deliver this, you can expect to see:

• coordinated leadership and governance across national and local levels
• clear accountability for cyber risk embedded in public service planning
• shared access to threat intelligence, incident response protocols and best practice
• support for Local Authorities to assess and improve their cyber maturity
• investment in workforce development, including training and professional standards
• integration of cyber resilience into digital transformation programmes
• ongoing collaboration through the Public Sector Cyber Resilience Network

Sponsor: Alan Gray (Deputy Director, National Cyber Security and Resilience, Digital Directorate, Scottish Government) and David Ritchie (Chief Information Security Officer, Digital Office for Scottish Local Government)

Scottish Government Deliverables

6.3 Enhanced cyber security coordination and service delivery

By 2028, the Scottish Cyber Coordination Centre (SC3) will have completed delivery of the SC3 Strategic Plan, providing a range of services and support to Local Government and the wider public sector in support of the ‘Scottish Government’s Strategic Framework for a Cyber Resilient Scotland’.

As we work to deliver this, you can expect to see:

• data-driven threat and vulnerability intelligence shared across the public sector on current and emerging cyber security issues
• increased preparedness and resilience against cyber incidents across the public sector, backed by robust and well-tested response plans
• increased adoption of appropriate cyber assurance standards and operational good practices across the public sector
• continued delivery of robust incident response support for organisations, with SC3 leading on multi-agency coordination and support efforts for major public sector cyber incidents, including victim support, specialist technical services, and ministerial engagement

6.4 The Cyber Observatory

The Scottish Government is committed to strengthening cyber resilience through improved data, insight and reporting. Central to this is the development of the Cyber Observatory, a national capability led by the SC3. The Observatory will provide a clearer picture of cyber maturity across the public sector, enabling more targeted support, better risk management and informed decision making.

As we work to deliver this, you can expect to see:

• enhanced reporting on public sector cyber maturity and risk posture
• a central portal for public bodies to engage with SC3 services
• automated data collection and analysis to support strategic planning
• improved visibility of vulnerabilities and response readiness
• evidence-based evaluation of cyber resilience initiatives

Sponsor: Alan Gray (Deputy Director for National Cyber Security and Resilience, Digital Directorate, Scottish Government)

Local Government Deliverables

6.5 Engage and progress the priorities from the ‘Strategic Framework for a Cyber Resilient Scotland 2025-2030’

By 2028, with the support of COSLA and the Digital Office, Local Government will have implemented the priority actions and adopted the detailed action plans where appropriate. The primary focus will be on fulfilling the vision of the Framework that Scotland thrives by being a digitally secure and resilient nation.

As we work to deliver this, you can expect to see:

• workforce strengthened by improved workplace culture and awareness
• exercises being delivered at all levels of Local Government both internally and with support from the Digital Office
• increased cyber maturity as measured by the Scottish Government Cyber Security Assessment and Cyber Assessment Framework
• the implementation of fundamental cyber hygiene such as MFA across all platforms

Sponsor: David Ritchie (Chief Information Security Officer, Digital Office for Scottish Local Government)

What does delivery mean for people in Scotland?

In today’s landscape, it’s not a matter of if a cyber incident will occur, but when. Delivery of these actions will proactively address this threat to reduce the risk of disruptive attacks and ensure continuity. This will provide increased protection of citizens’ personal data, more reliable access to services, and greater confidence in the digital systems that underpin daily life, and a public sector that’s better equipped to serve communities in an increasingly digital world. Ultimately, it’s about safeguarding trust and enabling progress.

Cyber resilient services: beyond 2028

From 2028 onwards, Scotland’s cyber resilience efforts will shift from scaling to sustaining maturity across sectors. The Cyber Observatory will provide deeper insights into public sector cyber posture, enabling more targeted interventions. Cross-sector collaboration will continue to strengthen incident response and innovation, while workforce development will focus on closing persistent skills gaps and embedding professional standards. Cyber resilience will be mainstreamed into business continuity planning, ensuring that public services remain secure, trusted and future-ready in an evolving threat landscape.