The Strategic Framework for a Cyber Resilient Scotland 2025 - 2030

Joint Foreword

John Swinney MSP, First Minister

Angela Constance MSP, Cabinet Secretary for Justice and Home Affairs

Scottish Ministers have consistently affirmed the pivotal role of digital technology in driving economic growth and shaping Scotland’s future. As we embrace these opportunities, it is essential to do so with a strong focus on security and resilience.

Cyber resilience touches the lives of everyone. Our digital world now connects every person and every organisation to websites, apps, systems, data and services as part of our personal and working lives. These are things we benefit from, but we need to ensure they are safe and secure to use.

New and emerging technologies such as Artificial Intelligence (AI) and machine learning bring massive opportunity, but we must be acutely aware of the risk they bring too. The increase in devices now being connected to the internet opens up further opportunities for cyber criminals. Criminals are also using these new technologies to create more sophisticated and far-reaching cyber attacks that can identify and exploit vulnerabilities in systems, data and supply chains, as well as being harder to detect. Additionally, we are faced with ongoing geopolitical tensions which add another layer of complexity to the cyber threat landscape.

The partnership model of the CyberScotland Partnership (CSP) proves the benefit of collaboration across government and the public, private and third sectors. The establishment of the CyberScotland Partnership in 2021 has maximised the collective efforts of national partners to improve the cyber resilience of Scotland’s people, businesses and organisations. The Scottish Cyber Coordination Centre (SC3) provides threat intelligence, early warning and manages the coordination of a multi-agency response to national incidents.

In addition, our growing cyber security industry and excellent academic institutions are creating new cyber products and systems, pioneering research in cyber, supporting cyber security and resilience education and building the talent pipeline. As we navigate these new technologies and new risks, it is vital that we continue to work together to form a strong, secure and resilient online environment.

As we look ahead to the next five years and building on our progress to date, we can recognise the benefits and associated risks of emerging technologies. Our priorities for Scotland’s cyber security and resilience are clear and our resolve is stronger than ever.

Our vision remains: Scotland thrives by being a digitally secure and resilient nation.

The realisation of this vision is vital if we are to achieve the Scottish Government’s overarching four priorities: eradicating child poverty, growing the economy, tackling the climate crisis and improving public services. These are complex issues to resolve but the digital safety and security of our people and that of our public, private and third sectors, will contribute significantly to a successful economy, society and nation.

Our achievements so far would not have been possible without the unwavering support and collaboration of our partners, stakeholders and dedicated professionals. We extend our heartfelt thanks to each and every one of you for your tireless efforts and contributions.

As we embark on this next chapter, let us reaffirm our commitment to working together in partnership. By uniting our strengths and expertise, we can build a resilient and secure future for us all.

Maggie Titmuss MBE, Chair of the National Cyber Resilience Advisory Board

This refreshed Strategic Framework for a Cyber Resilient Scotland arrives at a pivotal moment in our journey towards becoming a truly digitally secure and resilient nation. Richard Horne, CEO of the National Cyber Security Centre reminds us that high profile cyber attacks are not outliers but are a growing norm. The message is clear: we must be proactive. That means building the awareness to recognise threats, the discipline to reduce risk and the readiness to respond swiftly and confidently when, not if, an attack comes. Cyber resilience is everyone’s business. It isn’t just a technical necessity – it’s a national imperative.

Cyber threats are escalating at an unprecedented pace. Alarming data reveals that in 2024 nearly half of UK businesses suffered a cyber attack or security breach.

We spend an increasing amount of our lives online – we shop, we do our banking, we order prescriptions from our GPs, we play games with people we have never met, we connect with people we don’t know through a mutual interest. We entrust our information to companies and government bodies that deliver vital public services.

In today’s digitally connected world, convenience comes at a cost. Cyber attackers are exploiting vulnerabilities with growing sophistication and boldness – often for financial gain. We’ve witnessed councils suffer substantial loss of services due to ransomware attacks with the threat of files being leaked onto the dark web.

UK Healthcare services haven’t been spared either, with critical disruptions to medical supplies and GP appointments. High-profile retailers like Marks & Spencer and the Co-op have also been targeted in 2025, resulting in empty shelves in rural communities, widespread payment issues, stolen data and damage to share prices. These are not distant events; many of you have likely felt their effects first-hand.

Cyber criminals are agile and change their tactics to exploit any vulnerability – often pressurising already busy employees to force a click on a link.

Collaboration is at the heart of our strategy because no government can tackle today’s cyber challenges alone. Scotland is no exception. Our approach is built on strong partnerships across sectors, reinforcing that collective effort is critical to safeguard our people and unlock the economic potential of our secure digital future.

Cyber resilience is more than a safeguard – it’s the foundation of a bold, modern digital nation. By embedding it into everything we do, we not only protect ourselves but also unlock new possibilities for innovation, progress and a more secure, inclusive future for us all.