The Government announced its Cyber Action Plan to strengthen cyber resilience and incident response across government departments and the wider public sector, supported by over £210m of government funding. Whilst this is markedly lower than the £2.6bn pledged in the 2022 National Cyber Strategy to modernise legacy systems, the plan reinforces a clear shift towards tighter cyber oversight and faster, more standardised incident management
The plan is being driven by a new ‘Government Cyber Unit’ and forms part of the broader agenda to digitise public services and centralise access to Government support. Its focus on improved visibility of cyber risk, stronger mitigation and accelerated incident response is likely to translate into higher expectations for suppliers, particularly those providing connectivity, voice, managed services and other digital infrastructure into the public sector.
The plan Signals increased emphasis on resilience, assurance and incident reporting within public sector contracts, alongside continued reliance on external providers to manage cyber risk in legacy environments. The shift in funding commitment suggests a stronger emphasis on managing cyber risk within existing budgets rather than large-scale system modernisation, including closer attention to how suppliers support secure service delivery. In this context, organisations able to demonstrate robust cyber resilience and incident readiness may be better positioned as expectations evolve.