UKC3 has backed the “cultural shift” towards public sector cyber security and resilience set out in the Government’s new Cyber Action Plan.
The Action Plan, launched this week, defines how trust and resilience in public services will be secured as part of a wider Roadmap for a Modern Digital Government. The Action Plan responds to “critically high” cyber risk across government and the wider public sector, aiming to give people confidence in the digital services they use every day.
Backed by more than £210 million of central investment and led by the new Government Cyber Unit at the Department for Science, Innovation and Technology (DSIT), the Action Plan introduces a stronger, more centralised model for managing government-wide cyber risk. It recognises that hostile states, criminal groups, and major outages are already causing serious disruption in areas such as healthcare, local government, libraries and transport.
Why the Action Plan is needed
The Action Plan shows that “nearly a third (28%) of the government technology estate is estimated to be legacy technology, and therefore highly vulnerable to attack”. It also identifies that GovAssure assessments show “significant gaps in departments’ cyber security and resilience, including widespread low maturity in fundamental controls such as asset management, protective monitoring, and response planning.”
To address this, the plan sets four strategic objectives:
- Better visibility of cyber security and resilience risk, so that the Government can understand government‑wide and departmental cyber risks.
- Addressing severe and complex risks through central levers where departments cannot manage risks alone.
- Improving responsiveness to fast moving events, so that the Government can respond more effectively to rapidly evolving cyber and digital incidents.
- Rapidly increasing government‑wide cyber resilience, by focusing on remediating the most significant vulnerabilities, including legacy technology.
In order to deliver these objectives, the Action Plan is structured around five core delivery strands required to drive practical change at scale.
Cyber resilience as mission
A core theme of the Action Plan is the need to ‘Defend as One’, with government and public sector teams treating cyber and digital resilience as a shared mission rather than acting in isolation. The Government Cyber Unit will coordinate with departments, arms-length bodies, local services, and suppliers so that risks are clearly owned, understood and managed across the system.
The Action Plan also focuses on stronger accountability for senior leaders, better use of data in decision‑making, and a new Government Cyber Profession to attract and grow cyber talent. Central services such as threat detection, vulnerability monitoring and incident coordination will be scaled so organisations can access proven capabilities more easily.
How UKC3 support cyber resilience
UKC3’s role is to support and connect regional cyber security clusters, helping them to grow local ecosystems, develop skills, and share best practice nationally. The Cyber Action Plan’s emphasis on collaboration, skills and scalable services aligns directly with this mission.
Through its clusters, UKC3 and its regional network can:
- Help public sector organisations and suppliers understand the Action Plan, its implications, and where to find support and services.
- Connect departments, local authorities, NHS bodies, and other public sector organisations with regional cyber expertise, including SMEs and academia, to support development.
- Support development of skills pipelines aligned with the new Government Cyber Profession through training, events, mentoring, and regional initiatives.
‘A cultural and operational shift’
The plan envisages central bodies, including the Government Cyber Unit and National Cyber Security Centre (NCSC) working closely with departments, arms-length bodies, and wider public sector organisations, including through scaled support and ‘cyber uplift’ teams.
UKC3 co-chair, Simon Newman, said: “UKC3 strongly supports the Government Cyber Action Plan and its ambition to secure public services that are trustworthy and resilient.
“Our national network recognises this as a cultural and operational shift, not just a technical programme, requiring sustained effort across the whole system.
“Working with Government, NCSC, and wider partners, UKC3 will continue to use the strength of its clusters to turn the plan into practical local action – building skills, helping organisations access the right services, and ensuring regional innovation and expertise align with Government plans for the UK to Defend as One.”
