Scottish Government launches refreshed cyber strategy  

The Scottish Government has launched a new cybersecurity strategy, designed to protect businesses and organisations from cyberattacks. 

The strategy, which will be in place for the next four years, details plans to make Scotland a stronger, more resilient and more capable country when it comes to online threats. 

“Cyber resilience touches the lives of everyone,” wrote First Minister John Swinney and Cabinet Secretary for Justice Angela Constance. “Our digital world now connects every person and every organisation to websites, apps, systems, data and services as part of our personal and working lives. These are things we benefit from, but we need to ensure they are safe and secure to use.” 

The strategy details plans to support businesses and organisations across Scotland through a £300,000 Upskilling Fund, designed to strengthen the cybersecurity skills of the public sector workforce.  

In 2024, the amount of "highly significant" cyber attacks on businesses in the UK rose by almost 50 per cent from the previous year, according to a review by GCHQ’s National Cyber Security Centre. 

These attacks are classed as “highly significant” if they have a serious impact on the UK Government, economy or population. Recent examples include major cyber attacks targeting Marks & Spencer, Harrods and the Co-op. 

In combatting this rise, the strategy outlines the ambition of the Scottish Government to embed cyber learning in the school curriculum, ensuring a generation of Scots grow up in an environment that values cybersecurity.  

“Children will learn about digital security and resilience as naturally as they learn to read and write,” the strategy says. “In our schools, colleges and universities, our students will not only be technically proficient but will be cyber aware too. Educators will be equipped with secure technology, supported by a curriculum that embeds cyber resilience from the earliest years.” 

The Scottish Cyber Coordination Centre is also launching a “Cyber Observatory” that will be used to analyse and share early warnings on cyber threats across the public sector. It is hoped that this will allow organisations to identify threats before they occur and be more “proactive” in combating them. 

“The message is clear: we must be proactive,” said Maggie Titmuss, chair of the National Cyber Resilience Advisory Board. “That means building the awareness to recognise threats, the discipline to reduce risk and the readiness to respond swiftly and confidently when, not if, an attack comes. 

"Cyber resilience is everyone’s business. It isn’t just a technical necessity – it’s a national imperative.”