
The UK’s New Cyber Action Plan

Bola Ogbara

The UK's new £210 million cyber action plan aims to address the gaps in its previous cyber policies, signalling a larger prioritization of cybersecurity. 

On January 6, 2026, the United Kingdom’s Department for Science, Innovation and Technology (DSIT) announced the release of a new Government Cyber Action Plan. The action plan has made headlines for essentially admitting that the government’s past cyber policy failed while investing more than £210 million (over $282 million) in a new organization to support the implementation of the plan.

 

In the ministerial foreword, Ian Murray, the Minister of State for the DSIT, specifically described the current cyber infrastructure as “not adequately resilient”, saying that “our legacy systems often cannot be defended by modern cyber security measures. We know that historical underinvestment in both technology estates and proportionate cyber security measures have left us with a significant technical debt whilst the threat we face is rapidly evolving and is the most sophisticated it has ever been.”

 

Murray’s description of the UK’s present cybersecurity stance does not overstate the need for change. A 2022 data breach in the Ministry of Defence forced the relocation of 4,500 Afghan people. The 2024 Synnovis cyberattack (referenced in the policy document) decimated a health system and even caused a patient's death. In April 2025, ransomware hacks on massive retail chains Marks & Spencer, Co-op, and Harrods led to huge losses, with Marks & Spencer losing an estimated £1 million per day in sales during the attack and losing nearly £700 million ($930 million) in stock market value. In October 2025, the National Cyber Security Centre (NCSC) published its annual review, which established that highly significant cyber threats had only grown, increasing 50% since 2024.

 

The action plan was developed by the DSIT, with help from the Government Cyber Advisory Board (GCAB), industry partners, departments, and public sector organizations. The main objectives are to gain a better understanding of cybersecurity and resilience risk, take care of significant and complicated risks, enhance responsiveness to rapidly changing events, and quickly boost cyber-resilience all over the government. 

 

The organization in charge of directing progress toward these objectives is the newly founded Government Cyber Unit, which will be funded by the £210 million allocation. The plan describes five delivery strands (accountability, support, services, response and recovery, and skills) that will be key to achieving the “system-wide transformation for government cyber security and resilience” over three phases spanning from April 2027 to April 2029 and beyond.

 

The Cyber Unit will also work on establishing and leading the Government Cyber Profession, a new career designation aiming to “attract, upskill, retain, and support government cyber professionals.” Like the United States, the UK has been dealing with a cyber skills gap that can be expensive when the work is outsourced, so reinforcing the cyber workforce is critical to improving security. The Government Cyber Profession being girded by the well-funded Cyber Unit is likely a step in the right direction, away from the lower salaries that were ridiculed in earlier federal cyber job postings. 

 

DSIT Minister Ian Murray expressed confidence in the new strategy in the press release: “Cyber-attacks can take vital public services offline in minutes – disrupting our digital services and our very way of life. This plan sets a new bar to bolster the defences of our public sector, putting cyber-criminals on warning that we are going further and faster to protect the UK’s businesses and public services alike. This is how we keep people safe, services running, and build a government the public can trust in the digital age.” 

 

Outside of the action plan, another section of the UK government is rewarding cybercrime fighters. Gavin Webb received an Officer of the Order of the British Empire (OBE) New Year award from King Charles. Webb, working under the National Crime Agency (NCA), was the UK lead on Operation Cronos, an international project that disrupted LockBit. LockBit was a prolific ransomware service, and the disruption in 2024 significantly curbed activity, although there are signs the group may be making a slight resurgence in recent months. Seven other NCA officers also received honors for their work in and outside of cybersecurity, along with the founders of the cybersecurity training program Capslock, Lorna Armitage and Andrea Cullen. 

 

These awards, coupled with the UK’s new cyber action plan, might be what’s needed to push the country forward in cybersecurity, as the government recognizes that “a radical shift in approach and a step change in pace” must be achieved to “protect our critical national infrastructure, defend public institutions and maintain public confidence in essential public services”.