Public Sector

Relevant information for Public Sector organisations

Cyber security involves protecting systems, networks, programmes, devices and data from malicious cyber activities. It also encompasses strategies for organisations to reduce the risk and impact of cyber attacks. For the public sector it is crucial to ensure that digital public services are safe and secure.

Cyber resilience refers to an organisation’s preparedness for a cyber attack and it’s ability to respond to and recover from a cyber incident when it occurs.

Importance in the Public Sector

Cyber attacks can significantly impact organisations of all sizes and sectors. Cyber resilience is a vital component of overall business and organisational resilience, and helps to ensure that operations can continue even when things go wrong. Most organisations in the UK are now dependent directly or indirectly on digital technologies to function. These organisations face cyber risks such as :

  • loss of service or data breach
  • Negative impacts for Employees/Stakeholders
  • financial and reputational impact

According to 2025 UK Cyber Security Breaches Survey almost half of UK businesses experienced some form of cyber security breach/attack in last twelve months. The good news is that that improving your cyber resilience is easier than you might think. The Scottish Government’s National Cyber Security and Resilience Division supports Scottish public bodies in their cyber resilience journey. We can help find solutions and support for various cyber resilience challenges. The Scottish Cyber Coordination Centre also ensures that public bodies are prepared to respond to inevitable cyber incidents and helps coordinate cyber incident response when required.

Scotland also boasts a thriving cyber security goods and services sector, as well as a community of IT Managed Services providers. This expertise is available to organisations across all sectors.

Managing Risks (Governance and Awareness)

10 Steps to Cyber Security

This guidance aims to help organisations manage their cyber security risks by breaking down the task of protecting the organisation into 10 components. It is aimed at medium to large organisations that have someone dedicated to managing the organisation’s cyber security.

Read more 10 Steps to Cyber Security in modal dialog

The Cyber Assessment Framework (CAF) / NCSC CAF Guidance

The Cyber Assessment Framework (CAF) provides guidance for organisations responsible for vitally important services and activities.

Read more The Cyber Assessment Framework (CAF) / NCSC CAF Guidance in modal dialog

Scottish Public Sector Cyber Resilience Framework v2

Sets out the second iteration of the Scottish public sector cyber resilience framework. The framework supports Scottish public sector organisations, to improve their cyber resilience and to comply with a range of requirements.

Read more Scottish Public Sector Cyber Resilience Framework v2 in modal dialog

Scottish Public Sector Supplier Cyber Security Guidance Note

The security of supply chains is increasingly important as we often see cyber incidents affect public sector bodies indirectly through their suppliers. This guidance note promotes the adoption of a consistent approach to supplier cyber security across the Scottish public […]

Read more Scottish Public Sector Supplier Cyber Security Guidance Note in modal dialog

Cyber Training for Staff

Free e-learning training introduces why cyber security is important and how attacks happen. It will give you actionable advice about how to defend yourself.  The NCSC’s e-learning package ‘Top Tips For Staff’ can be completed online, or built into your […]

Read more Cyber Training for Staff in modal dialog

Protecting Against Cyber Attacks

CiSP – The Cyber Security Information Sharing Partnership

The Cyber Security Information Sharing Partnership (CiSP) is a joint industry and government initiative set up to exchange cyber threat information in real time, in a secure, confidential and dynamic environment, increasing situational awareness and reducing the impact on UK […]

Read more CiSP – The Cyber Security Information Sharing Partnership in modal dialog

Scottish Cyber Coordination Centre – Vulnerability Coordination: Policy and Procedure

Outlines the policy and procedure for Scottish Cyber Coordination Centre (SC3) to alert and, where appropriate, coordinate responses from the Scottish public sector organisations, to cyber-attacks that exploit a previously unknown vulnerability.

Read more Scottish Cyber Coordination Centre – Vulnerability Coordination: Policy and Procedure in modal dialog
incident icon

SC3 Threat Reports

Keep up-to-date on all the latest cyber threats with the daily threat and weekly vulnerability reports from the Scottish Cyber Coordination Centre (SC3) Please subscribe to our CyberScotland mailing list to be notified by email when a new bulletin is published. Daily […]

Detecting Cyber Incidents

Cyber Directory

Search the directory to find a Scottish company that can help provide you with a specific product or service. Businesses across any sector can quickly view Scottish technology businesses that can deliver solutions to a range of related issues, from […]

Read more Cyber Directory in modal dialog

IT Managed Services Directory

Find the company that can help manage all of your IT Services. Search the directory of over 170 Scottish companies who provide IT Managed Services. It will easily identify those that are both cyber resilient themselves through the Cyber Essentials […]

Read more IT Managed Services Directory in modal dialog

Minimising Impacts

Scottish Cyber Coordination Centre – Organisational Cyber Testing and Exercising Regime: Guidance

Outlines a cyber exercising regime to enhance preparedness and recovery from incidents across technical, operational, and strategic levels. It provides guidance for the Scottish public sector, offering a structured approach to testing and exercising, tailored to an organisation’s size.

Read more Scottish Cyber Coordination Centre – Organisational Cyber Testing and Exercising Regime: Guidance in modal dialog

Exercise in a box

Exercise in a box is an NCSC online tool which helps organisations find out how resilient they are to cyber-attacks and to help them practice their response. The service provides exercises, based around the main cyber threats which your organisation […]

Read more Exercise in a box in modal dialog

Public Sector Cyber Incident Co-ordination Procedure

Outlines the procedures for notifying and coordinating responses to notifiable cyber incidents affecting Scotland’s public services. It defines the agreed-upon cyber incident notification process adopted by the Scottish public sector since 2018.

Read more Public Sector Cyber Incident Co-ordination Procedure in modal dialog

Learning and Skills

Cyber Aware Action Plan

Learn how to protect yourself or your small business online with the Cyber Aware Action Plan. Answer a few questions on topics like passwords and two-factor authentication, and get a free personalised list of actions that will help you improve […]

Read more Cyber Aware Action Plan in modal dialog

Digital, Data and Technology Profession, Skills and Capability

The Scottish Digital Academy was launched in 2017 to provide high quality professional learning and training to support the development of digital skills and capability across the public and third sectors in Scotland.

Read more Digital, Data and Technology Profession, Skills and Capability in modal dialog

The UK Cyber Security Council

The UK Cyber Security Council is the self-regulatory body for the UK’s cyber security profession. It develops, promotes and stewards nationally recognised standards for cyber security in support of the UK Government’s National Cyber Security Strategy to make the UK […]

Read more The UK Cyber Security Council in modal dialog
Back to top of the page