We use cookies to collect anonymous data to help us improve your site browsing experience.

Click 'Accept all cookies' to agree to all cookies that collect anonymous data. To only allow the cookies that make the site work, click 'Use essential cookies only.' Visit 'Set cookie preferences' to control specific cookies.

Set cookie preferences

Your cookie preferences have been saved. You can change your cookie settings at any time.

Publication - Corporate report

Scottish Cyber Activity Report 2026

Published
25 March 2026
Directorate
Digital Directorate
Topic
Public sector
ISBN
9781807750565

The Scottish Cyber Activity Report (SCAR) 2026 is the first of an annual publication from the Scottish Cyber Coordination Centre (SC3) giving a comprehensive, data-driven assessment of cyber activity across Scotland's public sector.

View supporting documents Supporting documents

Foreword

The cyber threat to Scotland’s public sector is real, it is growing, and it demands our collective attention. This first Scottish Cyber Activity Report sets out, in evidence, the scale and nature of that challenge. It is a report I am proud to introduce, because it represents something Scotland has not had before: a comprehensive, data-driven assessment of cyber activity across our public sector, drawn from the work of the Scottish Cyber Coordination Centre (SC3) and the organisations we serve.

The picture it paints is honest. Since 2018, SC3 and the Scottish Government has coordinated the response to 183 cyber incidents across the sector, with 43 in 2025 alone. Ransomware remains the most prevalent and disruptive threat, and the under-reporting of incidents continues to limit our ability to respond collectively. At a UK level, the National Cyber Security Centre reports that nationally significant incidents have more than doubled in a single year. Scotland is not immune to these trends. Our public sector holds vast quantities of sensitive data, delivers services on which millions of people depend daily, and operates in a threat environment that grows more sophisticated by the month.

Yet this report also gives cause for confidence. 97% of organisations now receive actionable threat intelligence. The vast majority have incident response plans in place and are investing in cyber resilience training. Engagement with SC3’s exercising programme is growing, and the quality of preparedness across the sector is measurably improving. These are not small achievements. They reflect years of sustained effort by dedicated professionals across every part of the public sector.

There is, however, more to do. The lessons in this report are clear: business continuity plans must be scoped for cyber scenarios; communications resilience needs to be treated as a core capability, not an afterthought; incident response capacity across the sector remains uneven and the lessons we identify from incidents must be shared and acted upon with more immediacy. When the same lessons recur across incidents separated by years, we are not failing to learn, we are failing to implement. That must change.

The refreshed Strategic Framework for a Cyber Resilient Scotland 2025–2030 sets out the vision for the years ahead, and SC3 is committed to driving delivery against its outcomes. No single organisation can tackle this challenge alone. Resilience comes from working together, sharing information, and building capacity across the country. That collaboration is already happening, and it is one of Scotland’s genuine strengths.

Knowing is half the battle. This report provides the knowing. The doing - the investment, the governance, the exercising, and the collective commitment to improvement, is the work ahead of us. I am confident that Scotland’s public sector is ready to meet it.

Alan Gray

Head of the Scottish Cyber Coordination Centre Deputy Director, National Cyber Security and Resilience Division Scottish Government

Contact

Email: SC3@gov.scot

Back to top