UK's £210m Cyber Action Plan Explained: Is it Enough?

After many big name public and private institutions fell victim to cyber attacks, the UK now has a £210m (US$284m) Government Cyber Action Plan. 

Introduced with the purpose of increasing the security and resilience of the UK's public services, the plan will be led by a new, dedicated Government Cyber Unit. 

“Cyber-attacks can take vital public services offline in minutes – disrupting our digital services and our very way of life,” says Digital Government Minister Ian Murray.

“This plan sets a new bar to bolster the defences of our public sector, putting cyber-criminals on warning that we are going further and faster to protect the UK’s businesses and public services alike. 

“This is how we keep people safe, services running and build a government the public can trust in the digital age.”

UK cyber action plan 2026: improving visibility and resilience 

The cyber action plan arrives alongside a broader government push to digitise public services, reducing long-winded phone queues and outdated paperwork.

This digital transformation alone could potentially unlock £45bn (US$61bn) in productivity savings for the UK. 

As a large amount of critical information is digitalised, securing these public services at every endpoint is crucial, making such a cyber strategy evermore relevant. 

Flushing out hidden cyber and digital resilience risks across government organisations, thereby allocating resources to protect what is most at risk, is a strong priority of the plan. 

The action plan details measures to ensure collective response when faced with cyber crises, along with incident response teams allocated to departments to quickly remediate adversities. 

UK’s Cyber Action Plan also sees the formation of a Software Security Ambassador Scheme to drive the adoption of the Software Security Code of Practice. 

In an effort to decrease software vulnerabilities that drive cyber attacks, this new code adoption will be championed by Cisco, Palo Alto Networks, Sage, Santander and NCC Group coming on board as ambassadors.

Government cyber funding in global context: comparing the UK, US and other nations

While the new action plan is a welcome respite in lieu of climbing cyber attacks, the UK government’s funding of £210m (US$284m) seems to lag behind other world leaders. 

With US, Canada, Japan, Australia and South Korea spending hundreds of millions to billions in their cybersecurity budget – reflecting the importance of faultlessly securing national infrastructure – the UK’s plan, while strategic, still requires more investment. 

Trevor Dearing, Director of Critical Infrastructure at Illumio, says that while the government’s investments in the public sector to reduce the risks is encouraging, he thinks the “£210m (US$284m) is nowhere near enough to address the scale of the problem”.

“While the plans centre on government and digital services, they overlook the private organisations that manage much of our critical infrastructure,” he says.

“If we want real progress, response teams need to cover both public and private sectors. 

“Also, investment alone won’t fix the problem. The public sector continues to lag behind the private sector in attracting cyber talent. 

“To build effective teams, it must compete on salaries and benefits and ensure strong coordination and clear accountability across agencies to defend against increasingly sophisticated threats.”