Safe, secure and prosperous: a cyber resilience strategy for Scotland

Section 3 - Implementing the strategy and measuring the impact

This section covers:

How will we implement this strategy?

How will we know if we are making a difference?

How will we implement this strategy?

This strategy is the initial framework to help build a cyber resilient Scotland. It sets out high level actions which we will develop into a set of action plans post-publication. These plans will evolve to keep up with the pace of rapid and emerging digital change and the associated risks.

The Scottish Government will work with partners to use this strategic framework to set out detailed action plans that align to the themes.

We need your help to make Scotland more cyber resilient.

It is essential that we commit to implementing the strategy and associated action plans. Effective implementation of this strategy will require the input and action from every part of Scottish society - from communities, small businesses, large organisations, local authorities, third sector organisations, academia, law enforcement and central government and, of course, citizens themselves.

How will we know if we are making a difference?

The Scottish Government will ask partners to share their own action plans and keep track of milestones and progress on an annual basis. There will be regular annual updates on progress to a national governance group. There will be some flexibility to reporting depending on the urgency of the task the stakeholder is responsible for, the rapid rate of development of threats and the developing skills and knowledge of the stakeholder.

The strategy will be reviewed in two years' time; however we may review some elements within the strategy more frequently (due to the rapidly changing nature of cyber).

How will we know we're making a difference?

We will know if we are succeeding if we are able to see a step-change in the cyber resilience of our citizens, businesses, public services and government. Our initial plan to measure success under each of the outcomes is as follows:

1. our people are informed and prepared to make the most of digital technologies safely

Evidence example: public opinion surveys; number of young people undertaking cyber-based activity within the curriculum; number of cyber crimes committed against individuals.

2.our businesses and organisations recognise the risks in the digital world and are well-prepared to manage them

Evidence example: business research; number of reports to Scottish Cyber Information Network ( SCiNET); numbers of cyber crimes committed against SMEs.

3.we have confidence in and trust our digital public services

Evidence example: number of public servants trained in cyber resilience; information of data breaches recorded by public sector organisations.

4.we have a growing and renowned cyber resilience research community

Evidence example: number of post-graduate researchers; numbers of Scottish universities recognised as Academic Centres of Excellence in cyber security and cyber resilience; local and global recognition of research findings.

5.we have a global reputation for being a secure place to live and learn, and to set up and invest in business

Evidence example: Scottish Enterprise investment data; international economic comparison research such as OECD.

6.we have an innovative cyber security, goods and services industry that can help meet global demand.

Evidence example: number of staff employed within the cyber security goods and services sector; number of Scottish enterprises with recognised cyber security kite marks; take up of Scottish-based cyber security services; number of cyber resilience spin-off companies linked to Scottish universities and colleges.