CATEGORIES
CyberScotland Bulletins UpdatesThe CyberScotland Bulletin is designed to provide you with information about the latest threats, scams, news and updates covering cyber security and cyber resilience topics. We hope you continue to benefit from this resource and we ask that you circulate this information to your networks, adapting where you see fit. Please ensure you only take information from trusted sources.
If there are any cyber-related terms you do not understand, you can look them up in the NCSC Glossary.
Please subscribe to our CyberScotland mailing list to be notified by email when a new bulletin is published.
Keep up to date on social media, follow us on Twitter and LinkedIn.
CyberScotland updates
News and updates from CyberScotland and our partner network
CyberScotland launches ‘Boost your Business’ resilience campaign
CyberScotland Partnership has launched a new awareness raising campaign, Boost your business, encouraging businesses and private, public and third sector organisations across Scotland to take simple, practical steps to strengthen their cyber resilience. The campaign reinforces five everyday actions: reviewing basic protections, installing software updates promptly, using strong passwords and passkeys, ensuring all staff are cyber aware, and securing every device. There is a lot of information on where to find out more with links to useful resources.
NCSC publishes new guidance on AI and cyber security
The National Cyber Security Centre has published a series of blogs and guidance on the cyber security risks that come with artificial intelligence. One piece of joint guidance, written with international partners, advises organisations to take a cautious approach to AI systems that can act independently – searching for information, making decisions and taking actions without a human checking each step. The NCSC recommends starting with low-risk uses and making sure basic security measures are already in place before going further. A separate blog warns that AI is also speeding up how quickly weaknesses in software are being discovered, which could force organisations to roll out a large number of security updates across their systems at short notice – particularly for older software that is no longer supported.
Government publishes Cyber Security Breaches Survey 2025-26
The Cyber Security Breaches Survey 2025-26, published by the Department for Science, Innovation and Technology and the Home Office, shows that around 43% of businesses and 28% of charities reported a cyber incident in the past year. Phishing remains the most prevalent attack type, cited by 38% of businesses. While board-level engagement in large businesses rose from 27% to 31%, only 25% of businesses have a formal incident response plan. Ransomware among charities increased from under 0.5% to 1%, and AI risk management practices remain underdeveloped, with only around a quarter of organisations using or considering AI reporting they have security processes in place to manage AI-related risks.
Cyber security must work for everyone – including disabled and neurodivergent users
A blog published by Passion4Social in partnership with Lead Scotland argues that accessibility and cyber resilience are inseparable – and that security tools which exclude disabled and neurodivergent users create new risks rather than reducing them. With around 22% of the UK population identifying as disabled and an estimated 15% being neurodivergent, designing security systems around a narrow idea of the “typical” user leaves millions unable to use the very tools meant to protect them. The piece covers everything from inaccessible CAPTCHA and password fields, through to the largely untapped strengths neurodivergent professionals bring to cyber security roles and offers practical steps for organisations looking to build a more inclusive approach.
Scotland launches new secure digital health platform
The Scottish Government and Public Services Delivery Scotland have launched MyCare.Scot, a new secure online service where people in Scotland can access health and social care information and services in one place. The pilot is being rolled out nationally after a successful trial in NHS Lanarkshire. Users will be able to view their NHS records on the service, check information about medicines, allergies and vaccinations, and find local health and care services. More features are planned as the platform develops, shaped by feedback from users.
In other news…
Cyber security news from Scotland and the rest of the UK
UK Government Digital Minister warns cyber threat is ‘getting worse’ as government launches Resilience Pledge and £90m fund
Speaking at the New Statesman Security and Resilience Conference on 5 May, Digital Minister Baroness Lloyd of Effra set out the government’s position on cyber security in stark terms: the threat is intensifying, AI is accelerating it, and organisations that fail to act are leaving themselves exposed. She pointed to the newly published Cyber Security Breaches Survey – 43% of businesses hit in the past year, rising to 69% for large firms – as evidence of the scale of the problem. The centrepiece announcements were a new Cyber Resilience Pledge, calling on UK businesses to treat cyber risk as a board-level responsibility, sign up to the NCSC’s Early Warning system and use Cyber Essentials in their supply chains; and a £90 million fund to support practical cyber resilience, focused particularly on SMEs and critical NHS suppliers. She also referenced the forthcoming Cyber Security and Resilience Bill, a National Cyber Action Plan due later this summer, and the £187 million TechFirst programme for cyber and digital skills.
Canvas learning platform breach affects thousands of educational institutions
Criminal extortion group ShinyHunters breached Instructure, the company behind the widely used Canvas learning management system, in late April 2026. The attackers claimed to have accessed data belonging to approximately 275 million individuals across nearly 9,000 institutions in the UK, US, Canada, Australia and elsewhere. After initially containing the incident, a second wave of activity on 7 May defaced Canvas login pages at around 330 institutions with ransom messages. Instructure subsequently reached an agreement with the threat actors, though cyber security practitioners have warned that paying ransoms can reinforce criminal behaviour and does not guarantee data protection.
AI chatbots made major errors during Scottish election campaign, study finds
AI chatbots including ChatGPT and Google Gemini made significant mistakes during the Scottish Parliament election campaign, according to a new study by Demos. The think tank found AI tools gave misinformation in 34% of answers when asked questions about the Holyrood election, including inventing scandals, providing the wrong election date and falsely claiming voter ID was required. ChatGPT reportedly produced incorrect information in 46% of responses, while Replika had the highest error rate at 56%. Alongside the study, polling of more than 2,000 adults found 20% of voters had used AI chatbots or search tools for election information. Demos said the findings raised concerns about the lack of regulation surrounding AI platforms in the UK. According to The Guardian, Electoral Commission Chief Executive Vijay Rangarajan called for stronger legal controls on AI misinformation, warning the technology had made the spread of false information “dramatically faster and more accessible than ever”.
The CyberScotland Bulletin is a monthly roundup of news and updates on cyber security and resilience with a particular focus on Scotland. Feel free to forward it to anyone in your network who might benefit from it.
Please ensure you only take information from trusted sources. The NCSC has a useful glossary of cyber terms you may wish to reference while you read the bulletin.
For more regular updates follow CyberScotland on X or LinkedIn, Instagram, Facebook and BlueSky.
Remember, to report an email phishing attempt, forward your email to the National Cyber Security Centre: report@phishing.gov.uk
If you are a victim of cyber crime, please report it to Police Scotland by calling 101.
The CyberScotland Partnership is a collaborative leadership approach to focus efforts on improving cyber resilience across Scotland.
The Scottish Government’s key strategic stakeholders have come together in a formal partnership arrangement to drive the delivery of activities that will achieve the outcomes of The Strategic Framework for a Cyber Resilient Scotland.