Jake Madders is Director and Co-Founder of Hyve Managed Hosting
The scale of the cyber threat facing the UK public sector is escalating. Over the year leading to September 2025, the National Cyber Security Centre (NCSC) responded to an average of four nationally significant cyber-attacks every week. Recent high-profile examples have included a data breach at the Legal Aid Agency and a co-ordinated cyber-attack on multiple London councils in late 2025.
Jake Madders is Director and Co-Founder of Hyve Managed Hosting
In that context, the new Cyber Action Plan and Cyber Unit are a welcome step. Putting co-ordination and collaboration back at the centre of the UK’s response is exactly what’s needed. The new Cyber Unit can further strengthen this by driving clearer minimum-security standards, improving cyber risk visibility and accelerating co-ordinated incident response and recovery. All of this should make public sector services more resilient when attacks hit.
It also creates a more realistic model for dealing with incidents that cut across multiple departments, platforms and providers, which is how most of these situations play out in practice. Most critical services now depend on complex supply chains of cloud, software and service providers, so clearer expectations about roles and responsibilities will help government and suppliers work as one team rather than losing time debating who owns which part of the problem.
That matters for suppliers as well as government teams. For organisations involved in the government supply chains, the new plan can reduce the ambiguity about what ‘good’ looks like and support more consistent procurement expectations across departments. But ideally, these expectations should be aligned with already recognised frameworks, such as the NCSC Cyber Assessment Framework and Cyber Essentials Plus, rather than creating yet another checklist. Smaller suppliers will need proportionate requirements and practical guidance; otherwise, there is a risk that only the largest vendors will be able to stay competitive.
The flip side is that it is likely to bring tighter assurance requirements and extra work to evidence compliance. In practice, that means proving that controls are operating continuously, not just written down, with clear evidence around access management, patching, monitoring, backup integrity and regular recovery testing. Policies, playbooks and DR plans only build resilience if they’re exercised under pressure, with lessons learned and actions followed through.
For overstretched public sector teams, capacity is as much of a challenge as capability. The Cyber Unit must have realistic funding and resources so that departments can implement and maintain the required controls.
Strengthening cyber resilience often means modernising the underlying infrastructure and applications rather than just adding more tools. MSPs specialising in secure, sovereign infrastructure can help turn policy into practice by operating controls daily and supporting rapid containment and recovery in the event of an incident.
Staff education and training need the focus as well. A significant portion of cyber incidents is still caused by human error, so cybersecurity must be a priority across the whole public sector organisation, not just the tech and compliance teams.
If the Cyber Unit can combine clear standards with practical support for delivery on the ground, it will make a real difference to how well public services withstand the next wave of attacks. For citizens, all this ultimately means fewer disrupted services, shorter outages and more confidence that their data is being handled responsibly.
For more, see Hyve Managed Consulting.
In related news:
UK environmental regulators hamstrung by outdated IT systems
Opinion: Why government digital delivery needs a startup reboot
Leave a Reply