Report presents a consolidated, evidence-based picture of cyber activity in the sector
25 March 2026
The Scottish Cyber Coordination Centre (SC3) has published its inaugural Scottish Cyber Activity Report (SCAR), marking the first publication of a consolidated, evidence-based picture of cyber activity within the country’s public sector.
The SCAR combines findings from the Cyber Resilience Assessment – a comprehensive evidence base on Scotland’s public sector cyber posture – with the SC3’s own incident data, threat intelligence and findings from its exercising activity.
The report aims to help Scotland’s public bodies understand the wider cyber risk environment, benchmark their own resilience, learn from cross‑sector incidents and exercises, and prioritise investment and improvement activities.
The SCAR outlines recurring lessons grounded in real incidents. Headline findings from the inaugural report include:
- Lessons are not being shared or implemented fast enough across the public sector. The same gaps identified following the SEPA ransomware attack in 2020, and again after the Comhairle nan Eilean Siar (Western Isles Council) attack in 2023, are identified by the SCAR as remaining today.
- Business continuity plans across the sector are not aligned to modern cyber realities and scenarios, particularly the possibility of long‑duration digital outages.
- Leadership and governance are the primary drivers of resilience outcomes: organisations that recover well are those with ownership of cyber risk at board level.
Other themes identified in the report include the growing importance of communications planning during incidents; uneven access to specialist incident response support; rising data theft and extortion tactics; supply chain risk; and specific concerns around education networks in local authorities.
Alan Gray, Head of the SC3 and Deputy Director of the Scottish Government’s National Cyber Security and Resilience Division said: “Our public sector delivers the services on which millions of people depend daily and holds vast quantities of sensitive data. It also operates in a threat environment that’s growing more sophisticated by the month – cyber risk is a truly systemic issue, cutting across all public sector organisations.
“Rather than isolated action, we need collaboration, shared intelligence, and coordinated response. The lessons in this report are clear: business continuity plans must be reviewed and routinely tested against real cyber scenarios; communications resilience must be treated as a core capability, not an afterthought.
“When the same lessons recur across incidents separated by years, we are not failing to learn; we are failing to implement. The cyber threat to Scotland’s public sector is real, it is growing, and it demands our collective attention.”
The SCAR also gives cause for confidence: it reports that 97% of Scottish public sector organisations now receive actionable threat intelligence; the vast majority have incident response plans in place and are investing in cyber resilience training; and the quality of preparedness across the sector is measurably improving.
Alan Gray continued: “These are not small achievements. They reflect years of sustained effort by dedicated professionals across every part of the public sector.”
Since 2018, SC3 and the Scottish Government have coordinated the response to 183 cyber incidents across the public sector. That included 43 incidents in 2025 alone, almost a quarter (23.5%) of the total over the seven-year period. Ransomware was identified as the most common cause of public sector cyber incidents by a significant margin, which reflects broader UK incident reporting.
The SCAR provides a baseline for measuring progress against the refreshed Strategic Framework for a Cyber Resilient Scotland 2025-2030, presenting cyber resilience as a collective challenge requiring coordinated investment, governance, and shared learning, rather than something any single organisation can solve alone.
The report’s publication follows the eighth annual CyberScotland Week, which took place in February and saw businesses, communities and individuals hold events to raise awareness of the importance of cyber resilience in every aspect of life in Scotland. It comes ahead of the national CYBERUK conference which will take place in Glasgow between 21 and 23 April.
ENDS
Related content
A national Cyber Resilience campaign has been launched by The National Cyber Security Centre (NCSC) and Department for Science, Innovation and Technology (DSIT) a to help small and medium-sized enterprises (SMEs) strengthen their protection against cyber-attacks. It comes as new […]
CyberScotland Partnership – Organisation Asset Pack 2 Messaging & Social – Raising Staff Cyber Awareness (all staff). CyberScotland Partnership (CSP) is encouraging organisations across Scotland to strengthen their cyber resilience by focusing on one of the most important defences of […]
The CyberScotland Partnership is preparing for the return of its flagship national awareness campaign, CyberScotland Week 2026. Taking place from 23 to 28 February 2026, CyberScotland Week 2026 will highlight the everyday actions that all of us can take to […]