The UK government has unveiled a £210m cyber action plan aimed at shoring up the public services, as ministers face mounting pressure to respond to a sharp rise in attacks on major British businesses.
The plan, published on Tuesday, comes amid a backdrop of high-profile cyber incidents that hit retailers including M&S, Co-op and Jaguar Land Rover in 2025.
It also lands amid growing concern within Whitehall that ageing digital infrastructure is leaving the public services exposed to increasingly tech-led cybercrime.
At its core is a new government cyber unit, tasked with coordinating cyber risk management and incident response, as well as tougher expectations for businesses supplying these services to the public sector.
Ministers say the investment is designed to ensure essential online services, from paying taxes to accessing healthcare, remain secure as the government pushes to digitalise public services.
The department of science and technology (DSIT) claim that push is central to the Treasury’s broader productivity agenda.
Officials estimate that effective use of digital tools across government could unlock up to £45bn in efficiency gains, but concede that savings depend on public trust in the resilience of systems increasingly targeted by attackers.
Mass disruption
The action plan comes as the Cyber Security and Resilience Bill enters its next stage in parliament, with proposals that would require regulated firms to meet minimum cyber standards, report incidents within 24 hours, and maintain tested response plans.
Security minister Dan Jarvis warned that cyber threats have moved “from the margins to the mainstream”, arguing recent attacks show how quickly operational disruption can spread through supply chains and hit economic output.
“If cyber crime were a national economy, it would be the third largest,” Jarvis said last month, citing projections that global scams could cost £27 trillion by 2027.
Industry figures broadly agree that the risk is no longer confined to isolated breaches.
Charl van der Walt, head of security research at Orange Cyberdefense, recently described the cyber environment as a “society-wide crisis”, warning that trust itself has become a primary target.
With that in mind, the government’s plan focuses less on individual departments and more on systemic weaknesses, such as slow incident response and software vulnerabilities.
Digital government minister Ian Murray said cyber incidents could “take vital public services offline in minutes”, adding that the plan was designed to “go further and faster” in strengthening public sector defences.
But coordination and accountability will matter more than headline funding.
Previous attacks, including the £1.9bn disruption caused by the Jaguar Land Rover breach, exposed how quickly failures in one organisation can cascade across the economy.