On the day in Jan. 2026 of the passing of the 2nd Reading of the ‘Cyber Security & Resilience Bill’ in the British House of Commons – Kanishka Narayan MP Parliamentary Under-Secretary of State (Minister for AI & Online Safety) explained that currently the most popular IT password in Britain is ‘Password’!!
He went on to update the House that the current average cost of a cyber attack in the country is £90K & that Britain remains the most targeted European country with approaching a £15 Billion cost to the economy last year.
Huge Loss
The huge cyber attack loss last Autumn by Jaguar Land Rover which necessitated a £1.5B Govt. loan & had a measurable effect on British GNP clearly showed the profound impact failure in Cyber Security can have both to individuals & companies & indeed nations.
The Department for Science, Innovation & Technology’s (DSIT) have therefore announced the following:-
New Measures
New measures will be introduced to make online public services more secure & resilient, so people can use them with confidence – whether applying for benefits, paying taxes or accessing healthcare.
- £210m plan to strengthen cyber resilience across government.
- Government Cyber Unit to co-ordinate risk management & incident response across departments
- Leading firms with strong history of cyber security to drive best practice through new Software Security Ambassador Scheme.
Government Cyber Unit
Backed by over £210 million, the Government Cyber Action Plan published today (Tues. 6 Jan.) sets out how Govt. will rise to meet the growing range of online threats. Driven by a new Government Cyber Unit, the plan will rapidly improve cyber defences & digital resilience across Govt. departments & the wider public sector, so people can trust that their data & services are protected.
It underpins UK Govt. plans to digitise public services. This will make more services accessible online, reduce time spent on phone queues & paperwork, & enable citizens to access support without repeating information across multiple departments. This approach could unlock up to £45 billion in productivity savings by using technology effectively across the public sector.
However, realising these benefits depends on trust. As services move online, they must be secure & resilient. Cyber-attacks can take vital public services offline in minutes, disrupting lives & undermining confidence. The new plan addresses this challenge head-on.
Cyber Security & Resilience Bill
Released as the Cyber Security & Resilience Bill which had its 2nd Reading in the House of Commons, the Bill sets out clear expectations for firms providing services to Govt to boost their cyber resilience.
From energy & water suppliers to healthcare & data centres, strong defences throughout supply chains will help keep the water running & the lights burning – facing down the cyber attackers who want to grind our country to a halt.
The Plan
The plan will lead to:
- clearer visibility of risks: shining a light on cyber & digital resilience risks across Govt., so we can focus efforts where it matters most.
- stronger central action on the toughest challenges: taking decisive, ‘joined up’ action across departments on severe & complex risks that no single organisation can solve alone with a dedicated team overseeing co-ordination.
- faster response to threats & incidents: reacting quickly to fast-moving cyber threats and vulnerabilities to minimise harm & speed up recovery by requiring departments to have robust incident response arrangements in place.
- higher resilience across government: boosting resilience at scale, with targeted measures to close major gaps & protect critical services.
Vital Public Services
Digital Government Minister Ian Murray observed:
Cyber-attacks can take vital public services offline in minutes – disrupting our digital services & our very way of life.
This plan sets a new bar to bolster the defences of our public sector, putting cyber-criminals on warning that we are going further & faster to protect the UK’s businesses & public services alike.
This is how we keep people safe, services running, & build a government the public can trust in the digital age.
Software Security Ambassador Scheme
Today’s plan is also bolstered by further steps to take the UK’s cyber defences further and faster.
A new Software Security Ambassador Scheme will now help drive adoption of the Software Security Code of Practice – a voluntary project designed to reduce software supply chain attacks and disruption.
Software underpins the economy as a core component of all technologies that businesses rely on. Yet weaknesses in software can cause severe disruption to supply chains & the essential services the public use every day with more than half (59%) (note) of organisations experiencing software supply chain attacks in the past year.
Software Security Practices
These issues can be addressed by embedding basic software security practices across the software market. Among others, Cisco, Palo Alto Networks, Sage, Santander & NCC Group will come on board as the scheme’s ambassadors, championing the Code across sectors, showcasing practical implementation, & providing feedback to inform future policy improvements.
Cyber risk to the public sector remains high. The plan responds with £210m to spark a step change in public sector cyber defences, holding organisations to account for fixing vulnerabilities. This includes setting clear minimum standards & investing in more direct support to minimise the impact when incidents do occur.
Government’s Mission
Cyber resilience is central to the government’s mission of national renewal. Secure, reliable digital public services help protect citizens, support growth, & deliver better value for taxpayers, while maintaining trust in the services communities rely on every day.
Thomas Harvey, Chief Information Security Officer (CISO), Santander UK commented:
We are pleased to be an ambassador for the UK Govt’s Software Security Code of Practice & it reflects our broader commitment to collective resilience. By advocating for these standards we are not just protecting Santander & our customers, we are helping to build a more secure digital economy for everyone.
