SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
United Kingdom

Guides

#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware

Search

Untitled design 43
#
Data Protection
#
DR
#
Ransomware

UK unveils new Cyber Unit amid mixed funding concerns

Tue, 13th Jan 2026
Author image
By Sofiah Nichole Salivio, News Editor

Following the launch of the UK government's refreshed Government Cyber Action Plan (GCAP) earlier this month, cybersecurity executives and industry specialists have begun to weigh in, offering a cautiously optimistic assessment of the proposals and the creation of a new central Cyber Unit.

Industry leaders broadly agree the move signals a clear break from the government's historic reliance on "light-touch" guidance, marking a shift towards a more coordinated, outcome-focused approach to cyber defence across the public sector. However, many stress that success will hinge on addressing persistent challenges around funding, governance and specialist skills.

The refreshed GCAP sets out plans to raise baseline security standards, improve visibility of cyber risk, and strengthen incident response across central and local government, agencies and arm's-length bodies. The announcement follows a series of high-profile attacks on public sector organisations, including NHS trusts, the Legal Aid Agency and several London councils.

As part of the plan, a new Cyber Unit will be established to coordinate public sector responses, set common expectations for departments, and work more closely with suppliers across complex technology supply chains.

Policy shift

In comments made since the launch, security executives describe the Cyber Action Plan as a significant shift away from advisory models towards measurable resilience and response.

"The new Government Cyber Action Plan is a much-needed step forward, reinforcing the long-held industry view that voluntary frameworks and advisory models alone are not enough to produce measurable security outcomes," said Findlay Whitelaw, Cybersecurity Strategist and Researcher at Exabeam.

"This move from the UK government feels less like a policy change and more like a shift in how cyber effectiveness will be judged. The focus is no longer just on stronger standards or tighter supplier obligations, but on how quickly risk is identified, prioritised and contained when things don't go to plan."

Whitelaw added that long-standing weaknesses in government technology estates and supply chains continue to amplify cyber risk.

"Technical debt and supply chain exposure significantly increase security challenges within the public sector. Legacy infrastructure creates systemic weaknesses, and many major incidents are inherited through vendors, MSPs and service providers rather than originating from direct attacks. As a result, the challenge shifts from prevention alone to detecting and responding to risk as it propagates across organisational and supplier boundaries," she said.

Funding concerns

The government has earmarked £210 million to support the new measures, a figure some security leaders say appears modest given the scale and impact of recent incidents.

"The ambition behind the UK's Cyber Action Plan, including the launch of a new Cyber Unit to bolster defences, is welcome," said Ade Taylor, Head of Security Services at Roc Technologies. "However, the reported £210m funding feels modest when compared to the cost of recent critical national infrastructure incidents, where losses can quickly run into the billions and adversaries are persistent and well resourced."

Taylor added that improved coordination alone would still deliver value. "A central initiative to coordinate public sector responses should strengthen alignment across government, and the timing is certainly hard to argue with."

Distributed data reality

Executives also highlighted the complexity of delivering central oversight in an environment where government data and systems remain widely distributed across departments, legacy platforms and multiple cloud environments.

"GCAP's emphasis on centralised cyber support makes sense, but government data will always be distributed," said Tom Peirson-Webber, VP of Engineering at Harbr Data. "The solution isn't physically moving everything into one place, but building governance that delivers central visibility and control over distributed data."

He added that secure collaboration would be critical. "Departments need to share data to deliver joined-up services, but security controls must be robust and usable, with proper access management, audit trails and time-limited permissions to prevent insecure workarounds."

Peirson-Webber said this places new emphasis on data governance skills alongside traditional cyber training.

"It's not enough to simply lock data down. Organisations need people and systems that make secure access practical. Effective governance and traceable data lineage allow teams to quickly understand what was exposed during an incident and respond decisively," he said.

Reflecting how incidents unfold

Security leaders say the proposed Cyber Unit aligns more closely with how public sector cyber incidents unfold in practice.

"This programme should help prevent more attacks, while also ensuring responses are faster and more effective when incidents do occur," Taylor said. "Clearer minimum-security standards, improved visibility of cyber risk and coordinated incident response are essential to keeping public services available under pressure."

He added that incidents rarely remain contained within a single organisation. "They spread across shared services, third parties and legacy systems, which is where coordination often breaks down. A central unit driving consistency should reduce confusion in the critical early stages of an incident."

Jake Madders, Director and Co-Founder of Hyve Managed Hosting, said the creation of the Cyber Unit reflects the rising tempo of attacks on the public sector.

"The scale of the cyber threat facing the UK public sector is escalating. In the year leading up to September, the NCSC responded to an average of four nationally significant cyber-attacks every week," he said. "Recent incidents, including the Legal Aid Agency breach and attacks on London councils, underline why stronger coordination is needed."

"In that context, the new Cyber Action Plan and Cyber Unit are a welcome step. Putting collaboration back at the centre of the UK's response should improve resilience when attacks hit."

Impact on suppliers

The Cyber Action Plan also has implications for the large ecosystem of suppliers supporting government services.

"For suppliers, clearer expectations should reduce ambiguity about what 'good' looks like," Taylor said. "The trade-off is that there will likely be tighter assurance requirements and more effort needed to demonstrate that controls are operating continuously, not just documented."

Madders said alignment with existing frameworks would be essential, particularly for smaller providers.

"Ideally, expectations should align with recognised standards like the NCSC Cyber Assessment Framework or Cyber Essentials Plus, rather than creating new checklists," he said. "Requirements need to be proportionate, otherwise there's a risk only the largest vendors can keep up."

From alerts to outcomes

Whitelaw said delivering real improvements would require a shift away from volume-driven security operations.

"Success depends on prioritising risk based on behaviour, context and entities, rather than drowning teams in alerts," he said. "Automation and AI can help cut through manual triage and demonstrate security effectiveness in real operational conditions, not just on paper."

People and delivery

Finally, executives stressed that sustained investment, operational delivery and culture change would determine whether the plan delivers lasting impact.

"There are no silver bullets," Taylor said. "The difference will be made by steady execution rather than grand announcements. Improving connectivity without strengthening security only increases the blast radius when something goes wrong."

Madders added that capacity constraints remain a major concern. "Public sector teams are already stretched. The Cyber Unit must be realistically resourced so departments can implement, test and maintain controls over time."

Taylor concluded that culture and training would be just as important as technology. "If this becomes a box-ticking exercise, it will fail. Cyber resilience has to be treated as an organisation-wide priority, not something left to compliance teams alone."

Related stories
Ecommpay leader wins Women in Risk & Compliance award
Palo Alto warns on earnings as guidance disappoints
Gr4vy adds Sardine tools to unify fraud & payments
AI deepfakes erode trust and reshape UK dating apps
SatVu raises GBP £30m to build UK thermal sat network

Top stories

IT leaders rethink cloud, AI spend amid lock-in fears
12Port unveils AI session intelligence for PAM security
DryRun Security adds Andrew Peterson to drive AI shift
AI-driven phishing surge dominates 2025 cyberattacks
Tailscale unveils Aperture to govern workplace AI use