By Karen Meechan, Chair of the CyberScotland Partnership
On 5 November, the Scottish Government launched the refreshed Strategic Framework for a Cyber Resilient Scotland, setting a clear direction for building Scotland’s cyber resilience to 2030. The updated strategy focuses on strengthening national coordination, deepening partnership working, addressing risks from emerging technologies and guiding action across sectors. Its vision remains clear: Scotland thrives by being a digitally secure and resilient nation.
It comes at a critical moment. The first Framework was published during the COVID-19 pandemic in 2021 and since then we’ve all become increasingly dependent on digital connectivity. Unfortunately, as this reliance has grown, so too have the cyber risks.
The NCSC’s Annual Review 2025 shows that almost half of all incidents last year were of national significance, with highly disruptive attacks up by 50%. While ransomware remains a major threat, artificial intelligence is now enabling cyber criminals to automate phishing, generate convincing fake content and find vulnerabilities at scale. The threat landscape is relentless, and our response must be equally robust.
Substantial progress has been made, but there is still a lot to do. The Scottish Government is leading the way, through the use of data and evidence to drive action. By better understanding the cyber maturity of sectors, we can anticipate risks, target support more effectively and monitor our progress with precision.
Two key initiatives announced alongside the refreshed Framework demonstrate this approach in action:
The Cyber Observatory – a new tool designed to gather, analyse and share cyber threat data and performance insights across the Scottish public sector. It will help us better understand our cyber security posture, where we need to improve and how best to direct support.
The fourth round of the Public Sector Upskilling Fund – providing £300,000 to continue developing professional cyber security skills across the public sector. Since 2022, nearly 400 individuals in over 100 organisations have benefitted from training funded through this programme.
These initiatives show that building cyber resilience is not only about technology, but also about people: their awareness, skills and ability to respond effectively when things go wrong.
Cyber resilience is about building confidence and continuity into every organisation and community. By focusing on resilience, we shift from fear to preparedness, and from risk to opportunity. But government cannot do this alone. Businesses, charities, schools, universities and communities all have a part to play. The CyberScotland Partnership brings these voices together to share knowledge and strengthen collective action.
The refreshed Strategic Framework for a Cyber Resilient Scotland marks a pivotal moment in our national journey. Together, we can ensure that Scotland continues to thrive – digitally secure, confident and ready for the future.
Related content
Strengthening cyber resilience in Scotland. A new ‘cyber observatory’ to help protect Scotland’s public bodies from online threats will be set up as part of a package of measures to promote the country’s cyber-security. A newly published refreshed Strategic Framework […]
As online shopping becomes ever more convenient, the CyberScotland Partnership (CSP) is urging individuals, families and businesses across Scotland to stay alert to online criminals. Our latest three-month campaign, Secure Shopping, highlights the most common tricks fraudsters use to target […]
The National Cyber Security Centre (NCSC) and IASME are running a pilot programme throughout August, offering free 30-minute cyber security sessions for small and medium sized businesses (SMEs). The sessions are a no strings attached opportunity open to SMEs with […]