CATEGORIES
CyberScotland BulletinsThe CyberScotland Bulletin is designed to provide you with information about the latest threats, scams, news and updates covering cyber security and cyber resilience topics. We hope you continue to benefit from this resource and we ask that you circulate this information to your networks, adapting where you see fit. Please ensure you only take information from trusted sources.
If there are any cyber-related terms you do not understand, you can look them up in the NCSC Glossary.
Please subscribe to our CyberScotland mailing list to be notified by email when a new bulletin is published.
Keep up to date on social media, follow us on Twitter and LinkedIn.
CyberScotland updates
News and updates from CyberScotland and our partner network
Launch of refreshed Strategic Framework
The Scottish Government launched its refreshed Strategic Framework for a Cyber Resilient Scotland on 5 November, which includes plans for a new cyber observatory to provide early warnings on online threats and help public bodies manage emerging risks. The framework sets out measures to strengthen cyber security and resilience across local all sectors. On the day, the Cabinet Secretary for Justice and Home Affairs also announced continuing support for cyber learning in education and providing £300,000 to the Upskilling Fund to bolster public sector skills.
Ministers and industry leaders said the strategy highlights the importance of partnership in protecting Scotland’s digital infrastructure. By embedding cyber resilience into system design and working collaboratively across sectors, Scotland aims to safeguard essential public services and stay ahead of growing cyber risks.
New bill targets cyber threats to UK infrastructure
Proposed new laws will seek to strengthen cyber defences for essential public services including healthcare, drinking water providers, transport and energy, as part of The Cyber Security and Resilience Bill.
Hospitals, energy and water supplies and transport networks are set to be protected from the threat of cyber-attacks under new laws being introduced in Parliament. The bill strengthens national security and protects growth by boosting cyber protections for the services that people and businesses rely on every day.
CyberScotland Week returns for 2026
CyberScotland Week is returning for 2026 from 23-28 February. Now in its eighth year, the awareness week encourages everyone – from individuals and families to small and large organisations – to take simple, practical steps to improve online safety and build cyber resilience.
The 2026 theme, “Can’t Hack it?!”, is supported by the sub-themes ‘Mind the Hack’ and ‘Click Safe, Carry On’, which emphasise everyday awareness and confident action online. Businesses, community groups and organisations across Scotland are invited to host an event during the week to highlight the importance of collective effort in protecting Scotland’s digital infrastructure.
Find out more about how to host an event during CyberScotland Week here.
CyberUK
CyberUK returns to Glasgow in 2026 at the SEC with an exciting programme of world-class speakers, exclusive networking opportunities, and the chance to engage with over 150 sponsors and exhibitors.
Apply to be part of the UK’s flagship cyber security event, bringing together leaders, innovators, and experts from across government, industry, and academia to shape the future of cyber defence.
Tickets are subject to an application process, and all applicants will be notified of the outcome in February 2026.
Cyber Action Toolkit
The National Cyber Security Centre (NCSC) has seen great pick-up so far on its Cyber Action Toolkit, designed to help organisations assess and improve their cyber security posture. The toolkit provides practical guidance, checklists and resources to manage cyber risks, strengthen defences, and respond effectively to emerging threats. It is aimed at public bodies, businesses, third sector organisations and educational institutions, supporting ongoing cyber learning and workforce development initiatives.
The Cyber Action Toolkit is a free resource and easy to use, even if you are new to cyber security.
Great success for first See It Be It: Women and Girls in Cyber Conference
The See It Be It: Women and Girls in Cyber Conference, hosted by Cyber and Fraud Centre – Scotland and supported by Accenture, Fortinet and NatWest, gathered more than 200 schoolgirls, teachers and industry professionals on 7 November to inspire the next generation of female cyber-security talent.
The event showcased diverse cyber-roles, offered hands-on activities and career hubs, featured women leaders at panel sessions and emphasised that seeing women succeed in cyber makes the field more accessible.
Karen Meechan included in Top 50 Most Influential Women in UK Tech 2025
ScotlandIS CEO and CyberScotland Partnership Chair Karen Meechan was recognised in ComputerWeekly.com’s Top 50 Most Influential Women in UK Tech 2025. Karen is an advocate for closing the digital skills divide across the UK. Karen was selected from a longlist of 770 women.
SCVO highlights importance of helping charities strengthen their cyber resilience
Writing in Third Force News, SCVO’s Alison Brogan stressed that staying safe online starts with getting staff switched on to cyber security, building good preparation into everyday practice and ensuring cyber has a regular place on board agendas. She emphasised that simple steps, awareness and planning can make a significant difference in protecting charities, their people and the communities they support.
New guide on older people staying safe online
Age Scotland and CyberScotland have worked in partnership to create a guide on how older people can stay safe online. As technology becomes more advanced, criminals are finding more ways to carry out crimes involving computers and other devices that use the internet. It can be difficult for older people to stay up to date with the latest technology changes and this guide provides support to help them remain vigilant. Age Scotland is part of the CyberScotland Partnership.
Entries now open for Scottish Cyber Awards 2026
Entries have officially opened for the Scottish Cyber Awards 2026, celebrating the individuals and organisations shaping the future of cybersecurity across Scotland.
Now entering its eighth year, the event brings together the country’s most innovative thinkers, practitioners and organisations for an evening of recognition and connection.
This year’s ceremony will take place on Thursday 26th March 2026 at the Edinburgh International Conference Centre (EICC). Hosted by DIGIT, the awards continue to highlight the breadth of talent driving cybersecurity progress in Scotland and beyond.
In other news…
Cyber security news from Scotland and the rest of the UK
Cyber-attacks cost UK firms £195K on average
New figures produced by auditor KPMG for the UK Government reveal that for the average UK business, a serious cyber-attack still means a £195,000 hit. According to the report, the UK’s top-performing industries are also its most vulnerable, with average losses exceeding £300,000 in information services, management, entertainment, manufacturing, and finance.
85% of UK firms boosting cyber budgets for 2026
Polling more than 330 British businesses, PwC’s latest Global Digital Trust report found 85% of UK firms are planning to put significantly more money into their cyber budgets to keep up with adversaries and more than two-thirds (69%) plan to rethink their cybersecurity investment strategies to keep up with the threat landscape. As part of that, over half (56%) anticipate increasing their spending by more than 6% over the next twelve months, potentially adding up to millions more pouring into enterprise defences.
Cyber insurance payouts jump 230%
The Association of British Insurers (ABI) has called for cyber insurance to become a part of every organisation’s modern risk management strategy, as its latest figures show £197 million was paid out to help businesses recover from cyber incidents in 2024.
Data from firms participating in the ABI’s cyber data collection revealed a 230% year-on-year increase in the amount paid out to support businesses with cyber-attacks, £138 million more than in 2023. Malware and ransomware alone accounted for over half (51%) of all claims.
M&S reveals cost of cyber-attack
The cyber-attack on Marks and Spencer is expected to directly cost roughly £136m. The figure is only the cost of immediate incident systems response and recovery, as well as specialist legal and professional services support.
Combined with a loss in sales, as the retailer’s online systems were out of action from Easter into the summer, statutory profit before tax at the business has been nearly wiped out for the first half of the year.
Louvre security issues highlight need for safe passwords
The Louvre is facing fresh scrutiny over its security deficiencies after an £80 million heist as it was revealed that the password “Louvre” gave access to the museum’s video surveillance.
Confidential documents seen by Libération have revealed that the simple password was enough to access the server responsible for video surveillance of the world-famous museum in 2014.
This highlights the need for a safe, secure password. Check out advice on the CyberScotland Portal from Police Scotland on creating safe passwords.
Borders Funeral Director becomes first in Scotland to achieve Cyber Essentials certification
Funeral director William Purves has become the first in Scotland to achieve Cyber Essentials certification, setting the standard for cyber security within the industry. Only 3% of UK businesses have achieved Cyber Essentials and just eight of these are funeral directors.
Seven in ten UK firms say security risks are at an all-time high
About seven in ten (69%) of UK organisations say the security risks for their company have never been higher. This is according to Vanta’s third annual State of Trust Report, an in-depth analysis uncovering trends in AI, security, compliance, and trust from a survey of 3,500 IT and business leaders across the UK, US, France, Germany and Australia.
A majority (53%) of business and IT leaders warning that AI cyber threats are advancing faster than their security team’s expertise to deal with them. In the past year, half of all organisations reported an increase in AI-generated phishing (43%), AI-powered malware (44%), and AI-driven identity theft or fraud (43%).
The CyberScotland Bulletin is a monthly roundup of news and updates on cyber security and resilience with a particular focus on Scotland. Feel free to forward it to anyone in your network who might benefit from it.
Please ensure you only take information from trusted sources. The NCSC has a useful glossary of cyber terms you may wish to reference while you read the bulletin.
For more regular updates follow CyberScotland on X or LinkedIn, Instagram, Facebook and BlueSky.
Remember, to report an email phishing attempt, forward your email to the National Cyber Security Centre: report@phishing.gov.uk
If you are a victim of cyber crime, please report it to Police Scotland by calling 101.