Ministers north of the border have published a strategy setting out measures intended to help increase skills across business and public sector entities, as well as better anticipating potential threats

The Scottish Government has launched a new cybersecurity strategy, designed to protect organisations from attacks, including a new early-warning system for threats facing public bodies.

The strategy, which will be in place for the next four years, details plans to make Scotland a stronger, more resilient and more capable country when it comes to online threats.  Measures set out in the document include a £300,000 upskilling fund, designed to strengthen the cybersecurity expertise of the public sector workforce. 

The plan further  outlines the ambition of the Scottish Government to embed cyber learning in the school curriculum, ensuring a generation of Scots grow up in an environment that values cybersecurity. 

“Children will learn about digital security and resilience as naturally as they learn to read and write,” the strategy says. “In our schools, colleges and universities, our students will not only be technically proficient but will be cyber aware too. Educators will be equipped with secure technology, supported by a curriculum that embeds cyber resilience from the earliest years.”

Related content

• NHS Scotland buys £3m AI-powered anti-ransomware system
• Cybercrime: One in every 1,000 CMA offences were charged in FY25
• Police Scotland to launch dedicated cybercrime unit

The Scottish Cyber Coordination Centre is also launching a Cyber Observatory that will be used to analyse and share early warnings on cyberthreats across the public sector. It is hoped that this will allow organisations to identify threats before they occur and be more “proactive” in combating them.

“Cyber resilience touches the lives of everyone,” wrote first minister John Swinney and cabinet secretary for Justice Angela Constance. “Our digital world now connects every person and every organisation to websites, apps, systems, data and services as part of our personal and working lives. These are things we benefit from, but we need to ensure they are safe and secure to use.”

“The message is clear: we must be proactive,” said Maggie Titmuss, chair of the National Cyber Resilience Advisory Board. “That means building the awareness to recognise threats, the discipline to reduce risk and the readiness to respond swiftly and confidently when, not if, an attack comes. Cyber resilience is everyone’s business. It isn’t just a technical necessity – it’s a national imperative.”

A version of this story originally appeared on PublicTechnology sister publication Holyrood