UK unveils GBP £210m plan to bolster cyber defences
The UK government's pledge of GBP £210 million for a new Cyber Action Plan has drawn a guarded welcome from senior figures in the technology sector, who warned that funding must be matched by sustained focus, governance reform and cultural change across both public and private sectors.
The investment aims to boost cyber resilience across government, establish a central Government Cyber Unit for faster incident response, and improve security for citizens accessing digital public services.
Industry leaders said the scale and direction of the commitment mark a significant intervention, but cautioned that the impact will depend on execution over several years.
Strategic shift
Russ Shaw CBE, founder of Global Tech Advocates and Tech London Advocates, said the investment signals a step towards a more strategic approach to cybersecurity in the UK corporate landscape.
"Today's investment in UK cybersecurity is a welcome and important step in strengthening the nation's digital defences. However, if incidents like the recent M&S or JLR attacks are to be avoided, this sense of urgency needs to be sustained and reflected more widely across UK PLC.
For many established organisations, cybersecurity has historically been treated as a back-office function rather than a strategic priority. As threats continue to evolve, cyber resilience must increasingly sit at board level. The UK cannot afford to fall behind, and consistent, high standards across both the public and private sectors will be critical to building a resilient national ecosystem.
Cybersecurity underpins the UK's ambitions in AI and emerging technologies. This funding should act as a catalyst for continued progress towards cyber-readiness, helping ensure the UK remains a secure, competitive and trusted leader in the global technology landscape," said Russ Shaw CBE, founder, Global Tech Advocates and Tech London Advocates.
Public sector focus
The government's plan centres on the public sector, including critical services such as health, local authorities and central departments. The Cyber Action Plan is expected to strengthen defences, improve incident coordination and support recovery from attacks.
Dave Spence, Cybersecurity Leader at DXC Technology, said the initiative marks a significant move to protect public infrastructure, but warned that the timetable and underlying technology constraints leave little margin for delay.
"The UK's new £210 million Cyber Action Plan is a positive and vital step towards safeguarding the public sector's critical systems. When public systems like the NHS go down, the consequences will be severe with real human impact. This initiative promises stronger defences, faster recovery, and greater resilience across all of government leading to benefits like increased public trust and productivity in an increasingly hostile on-line environment.
"But the investment alone isn't enough and timelines to get the new GCU setup and effective are multiple years. The UK government must ensure that its next steps are strategic and future-proof. Data shows that UK government spends nearly 50% of its tech budget just to keep outdated systems running, draining resources, and delaying innovation. Without a strategic and long-term approach to greater immediate investment in resilience and technology refresh across all of government, the gap between public expectations and government delivery will only widen before the GCU is effective. Emerging technologies are advancing faster than ever, but successful deployment will depend on modern governance, new operating models, and a cultural shift that embeds AI not as a bolt-on tool, but as a catalyst for transforming how people, processes, and services work together.
These choices will define the UK's competitiveness, efficiency, and service quality for years to come," said Dave Spence, Cybersecurity Leader, DXC Technology.
Legacy systems
Spence highlighted the burden of legacy IT across government. Public bodies spend a large share of their technology budgets keeping ageing systems running. That limits their ability to modernise services and adopt newer security architectures.
He said delays in refreshing core platforms risk widening the gap between citizen expectations and the quality and reliability of digital public services. He also said the establishment of the new cyber unit will take several years before it operates fully.
Boardroom priority
Shaw said cyber risk now sits alongside regulatory, financial and operational risk for UK companies. He said boards must treat cyber resilience as a central part of corporate strategy rather than an operational expense.
He also linked cyber preparedness with the country's wider technology ambitions, including in artificial intelligence. He said high and consistent standards across both public and private sectors will influence the UK's position in global markets and shape investor confidence in its digital economy.
The government's Cyber Action Plan forms part of a broader effort to reinforce national resilience against increasingly frequent and sophisticated attacks on critical infrastructure, public services and major private-sector brands.