UK Government Unveils Cyber Action Plan with New Cyber Unit and Software Security Ambassador Scheme

The UK government has announced a major new Cyber Action Plan aimed at strengthening the resilience of public sector services against cyber-attacks. Central to the plan is the creation of a Government Cyber Unit, which will coordinate responses to cyber threats across departments, and the launch of a Software Security Ambassador Scheme to promote secure software development practices.

The measures come in the wake of a series of high-profile cyber incidents in 2025 affecting major UK organisations, including Jaguar Land Rover, Marks & Spencer and The Co-op. More recently, a technology supplier to the NHS confirmed it had suffered a cyber-attack, underscoring the growing threat to critical services.

The government is allocating £210 million ($285 million) to the Cyber Action Plan, which aims to raise minimum cybersecurity standards and provide more hands-on support to minimise the impact of cyber incidents. The newly established Government Cyber Unit, part of the Department for Science, Innovation and Technology and led by the Government Chief Information Security Officer, will oversee risk management and incident response across the public sector. Officials say this joined-up approach will enable faster, more effective action against threats that individual organisations would struggle to tackle alone.

Alongside the Cyber Unit, the government has launched the Software Security Ambassador Scheme to drive adoption of the Software Security Code of Practice, introduced in 2025 to reduce software supply chain risks. While voluntary, the code highlights how weaknesses in software can cause severe disruption and advocates embedding basic security practices across the industry. Ambassadors already signed up include Cisco, Palo Alto Networks, Sage, Santander and NCC Group.

The government hopes these initiatives will set a new benchmark for cybersecurity in the public sector, ensuring faster responses to incidents and stronger protections against evolving threats.