In the five years since its launch, Safe, secure and prosperous: a cyber resilience strategy for Scotland has put in place many of the building blocks to strengthen Scotland's ability to prepare for, withstand and recover from cyber attacks.
Through an ambitious, proactive and hugely collaborative approach, our strategy and its associated action plans have helped to establish Scotland as a leading nation in cyber resilience good practice.
Other countries look to us as a model for many aspects of our approach, particularly in the ways we have enhanced the cyber security of our public sector and our work to embed cyber resilience and cyber security skills across our education and lifelong learning system.
This report sets out the progress we have made in Scotland, and the impact our interventions have had to date. Fundamentally, this report shows that the cyber resilience of our people and organisations and our cyber security skills base have grown since 2015. It also illustrates the early growth to date of our cyber security products and services industry, while demonstrating that there is room for further opportunity and expansion.
Our cross-societal approach and the role of partners have been key to the substantial progress made so far. Many achievements are due to fantastic public, third and private sector drive and collaboration. Positive collaboration between governments and with the National Cyber Security Centre (NCSC) – our trusted source of cyber security advice, guidance and support – have also been critical factors in the progress made in these first few years.
I want to thank every organisation and individual for the part they have played in getting us to this important stage. I also want to thank the National Cyber Resilience Advisory Board, which has shown great national leadership, first under the chairing of Hugh Aitken, and now under the chairing of David Ferbrache. Thank you to Hugh and David for your advice, determination and ambition on behalf of Scotland.
It is clear to me, however, that our task is not yet complete and will continue to challenge all of us, whether government, digital public services, businesses or individuals. The global landscape has changed significantly since the publication of this strategy. The technological and threat environment is constantly evolving and, as the ongoing COVID-19 pandemic has shown us, reliance upon digital technologies is central to the conduct of business and education activity. COVID-19 has required fundamental change, at pace, to how we work, how we do business and how we interact socially. We must look beyond 2020 and consider how we can sustain a long-term national response, ensuring that cyber resilience is seen as a fundamental and integral component of economic and societal recovery. Of course, we cannot do this alone. We need to work ever more closely with industry and wider society in Scotland, across the UK and internationally, to ensure that Scotland continues to be a safe, secure and resilient place to live, work and do business. This report is a critical component of that continued endeavour: a staging post from which we can reflect back to help us look forward.
John Swinney MSP
Deputy First Minister and Cabinet Secretary for Education and Skills