Publication - Progress report

Cyber resilience strategy 2015-2020: progress report

This report entitled 'Firm foundations' highlights the progress of 'Safe, Secure and Prosperous: A Cyber Resilience Strategy for Scotland' (2015-2020).

Cyber resilience strategy 2015-2020: progress report
2 Timeline of Key Milestones

2 Timeline of Key Milestones



  • Safe, Secure and Prosperous: A Cyber Resilience Strategy for Scotland launched at the National Economic Forum.



  • Learning and Skills Coordinator appointed.


  • Higher Education Integrator appointed.


  • National Board established; first meeting took place.


  • CiSP Coordinator appointed.



  • Cyber resilience named within Scotland’s 3 to 18 curriculum. (Curriculum for Excellence)


  • Cyber Resilience: Public Sector Action Plan 2017-2018 published.
  • Third Sector Action Plan Cyber Resilience Steering Group established.



  • Learning and Skills Action Plan for Cyber Resilience 2018-2020 published.


  • Cyber Resilience: Private Sector Action Plan 2018-2020 published.
  • Cyber Resilience: Third Sector Action Plan 2018-2020 published.
  • Third Sector Cyber Catalyst group established.
  • HNC in Cyber Security validated by Scottish Qualifications Authority.


  • Workplace Coordinator appointed.


  • Economic Opportunity Action Plan published.
  • Cyber Resilience Learning and Skills Steering Group established.


  • Dynamic purchasing scheme for Digital Services launched, to include cyber security services.



  • CYBERUK 2019 Conference took place in Glasgow.
  • Cyber Scotland Week took place for the first time.
  • Safe, Secure and Empowered guidance and resources for non-formal learning workers published.
  • Cyber Centre for Doctoral Training programme announced by EIT Digital.


  • Third Sector Cyber Resilience Coordinator appointed.


  • HND in Cyber Security validated by SQA.


  • Head of Cyber Cluster appointed.


  • Cyber Capability Toolkit launched.
  • Cyber careers map published.


  • Internet of Things innovation challenge programme launched.
  • Cluster Management Organisation officially launched.


  • Cyber capability database went online



  • Public Sector Cyber Resilience Framework and self-assessment tool published.
  • Supply Chain Cyber Security Policy published.
  • Scottish Cyber Assessment Service launched.
  • Number of learners completing the National Progression Awards in Cyber Security reached 1600.


  • 2nd Cyber Scotland Week
  • Senior Leaders Public Sector Forum took place.
  • Pilot of Cyber Advice Helpline launched.
  • Scotland’s cyber proposition for inward investors created.


  • Senior Leaders Public Sector Forum took place.

March onwards:

  • COVID-19: community engagement and awareness raising to highlight the cyber threat related to COVID-19. Launch and distribution of weekly Bulletin, providing advice in relation to immediate cyber threats relating to COVID-19.


  • NPAs in Cyber Resilience validated by SQA.


  • Exercise in a Box delivery programme started.


  • Neurodiversity cyber security training fund launched.


  • End of strategy progress report published.

Rising to the challenges of COVID-19 

When the COVID-19 pandemic hit early in 2020, our everyday lives – including how we work, communicate and socialise – changed almost overnight. Suddenly all of Scottish business and society were relying like never before on digital and online technologies. The Scottish Government and its partners had to respond fast, in the certain knowledge that cyber criminals the world over would take advantage of the ensuing disruption. Indeed, very early on we were seeing examples of COVID-19-themed scams relating to PPE supplies, along with numerous other scams exploiting people's anxiety about money and health. We also saw examples of attempted cyber theft of research into COVID-19.

During this period, our relationships with the NCSC and Police Scotland have never proven more fruitful, especially in relation to our ability to share intelligence and respond quickly to incidents. 

We quickly identified the need to provide, on an almost daily basis, clear, up-to-date and authoritative information, advice and guidance on cyber scams, threats and attacks that continue to emerge and evolve as the course of the pandemic develops. 

A small dedicated team of the Scottish Government, Police Scotland, SCVO and the SBRC met almost daily to identify and collate emerging threats and scams and provide appropriate advice and guidance organisations need to respond to these. The guidance took the form of a weekly Bulletin reaching stakeholders across the private, public and third sectors. 

The Bulletin has attracted very positive feedback and has been welcomed as an important resource during a very challenging time.

As we recover from COVID-19, we will continue to work in an agile way with our partners, including the NCSC and Police Scotland, to assess and respond to the ever-changing threat landscape.