Cyber Resilient Scotland - strategic framework: action plan 2025-2030

Outcome 7

Scotland has a flourishing cyber security industry, research community and a skilled cyber security professional workforce

7.1 Growing a Globally Competitive Industry

The Scottish cyber security industry will be seen as an attractive provider of cyber security goods and services both domestically and internationally.

ScotlandIS and the Scottish Government will:

• work with enterprise agencies, Scottish Development International and UK Government departments to identify domestic and international growth and trade opportunities for Scottish cyber security businesses
• promote the ScotlandIS Cyber Directory and IT Managed Services Directory as the central source for Scotland based cyber security products and services across the public, private and third sectors.

7.2 Strengthening Research and Innovation

Academic excellence in research and innovation across our universities continues to help map future cyber challenges and opportunities for government, industry and academia.

Scottish universities will:

• work with industry, government, innovation centres and enterprise agencies to support the commercialisation of cyber research, including proof of concept funding, spinouts, licensing and collaborative R&D with Scottish businesses.

CRANE (Cyber Security Research Network) will:

• work with the CyberScotland Partnership to help strengthen the UK cyber security research ecosystem by evaluating emerging technologies, threats and opportunities for novel research, helping to translate findings into tangible security interventions.

7.3 Understanding and Mitigating Cyber Risks from Emerging Technologies

Government and academic and industry partners build understanding and mitigation of the cyber threats associated with emerging technologies such as AI, quantum computing and machine learning.

The Scottish Government, SC3 and the CyberScotland Partnership will:

• promote authoritative guidance and codes of practice on securing emerging technologies, including those published by NCSC and the UK Government cyber security Codes of Practice.

7.4 Strengthening the Talent Pipeline

Schools, colleges and universities increase the uptake of cyber security learning and qualifications, expanding access to apprenticeships and vocational routes and promoting diversity and inclusion at all levels. Young people will be encouraged to pursue cyber security careers.

All learning providers, Skills Development Scotland (SDS) and other CyberScotland Partners will:

• promote awareness of cyber security careers across schools, community learning, colleges and universities, helping learners and their parents or guardians understand available education and career pathways
• promote clear, accessible routes into cyber security roles, including entry level opportunities, reskilling and upskilling pathways and progression from digital and STEM (Science, Technology, Engineering and Mathematics) disciplines.

The Scottish Government, SDS and other CyberScotland Partners will:

• work with employers and training providers to further establish apprenticeships as a viable pathway into cyber security careers, ensuring the offer aligns with current and future workforce needs.

The Scottish Government, including SG NCRU and Learning Directorate, and Education Scotland will:

• work collaboratively with DSIT to align activity and maximise the impact of the cyber security initiatives of the TechFirst programme in Scotland.

7.5 Promoting Professional Standards

The Scottish Government will work with industry, the UK Cyber Security Council and the UK Government to enhance efforts to professionalise the cyber security workforce and promote continuous development.

SG NCRU and other CyberScotland Partners will:

• promote the value and benefits of professionalising the cyber security workforce and raising awareness of the UK Cyber Security Council, creating opportunities for the Council to engage with cyber security practitioners in Scotland.