You're viewing our new website - find out more

Policy actions 2 of 4

Public, private and third sector cyber resilience

The importance of cyber resilience across Scotland's public, private and third sectors has never been greater. Digital technologies bring enormous opportunities for organisations, but they also bring new threats and vulnerabilities that we must manage.

We are working with partners to develop and implement action plans to enhance fundamental levels of cyber resilience in our public, private and third sectors.

Public sector action plan 2017 to 2018

We published The Public Sector Action Plan in November 2017. It was developed with the National Cyber Resilience Leaders Board and the National Cyber Security Centre. The plan aims to ensure that Scotland's public bodies have in place a common baseline of good cyber resilience practice, and are working towards becoming exemplars of cyber resilience. This is vital to ensuring our digital public services are safe and secure.

We have also provided an implementation toolkit to help public bodies understand how to implement with action plan.

We are working with the Public Sector Cyber Catalysts and the wider public sector to share knowledge and learning around public sector cyber resilience to identify common solutions to common problems.

Private sector and third sector action plans

We are currently developing action plans for the private sector and the third sector.

We believe the private sector must make progress towards establishing fundamental standards of cyber resilience that are in line with world-leading nations. This particularly applies to technical or cluster companies, who are expected to offer leadership for the rest of Scotland in this respect.

Key third sector organisations in Scotland are supported and encouraged to achieve standards of cyber resilience that are equivalent to those of public and private sector organisations. This is particularly the case where third sector organisations are delivering public services or dealing with sensitive personal data.