Author: Rahul Powar, co-founder & CEO, Red Sift
The UK Government's recent Cyber Action Plan is the right intervention at the right moment. By pairing clear accountability with central support and backing it through a £210 million investment, a dedicated Government Cyber Unit, and the first Government Cyber Profession, ministers are acknowledging that secure, resilient digital services are now part of our national infrastructure, not optional extras.
That skills focus matters. With 49% of UK businesses and 58% of government organisations reporting basic cyber skills gaps, we're drawing from the same depleted talent pool. The Action Plan's Cyber Resourcing Hub, apprenticeship programmes, and industry secondment pathways won't just serve Whitehall. They'll expand the pipeline for everyone. This is where public-private collaboration can deliver real returns.
Digitisation can only achieve its promised efficiencies if citizens trust the systems behind it. The government's own framing is explicit: modern and secure digital services transform lives. They could also unlock up to £45 billion in productivity savings, but only if we fix fragile foundations and close resilience gaps. The Action Plan moves beyond rhetoric to risk-led action: stronger central direction, measurable progress, and faster incident response across a complex estate.
Next, the private sector must mirror this approach. Attacks don't respect organisational boundaries. Supply chains and shared platforms are only as strong as their weakest control. The National Cyber Security Centre's emphasis on software supply-chain security, including the new Software Security Ambassador Scheme, should be adopted widely by businesses that touch public services, from identity providers to healthcare and utilities.
Organisations should also harden their email authentication, DNS hygiene, and web security. They should benchmark domain health continuously and use AI-enabled tooling to translate complex findings into clear, prioritised remediation, saving analyst time and money while shrinking the attack surface. At Red Sift, we're proud to be a recognised contributor to NCSC guidance on these standards.
We also need to confront the broader legacy head-on. Parliament's Public Accounts Committee has been clear: the threat has outpaced the government's ability to respond, and legacy systems remain a systemic risk. That is equally true in the private sector. Replace fragile platforms, standardise controls via frameworks like GovAssure and the Cyber Assessment Framework, and measure resilience with the same discipline you measure financial risk.
By aligning public and private defences we can restore trust in digital services, accelerate transformation, and deny cyber criminals any future momentum. As 2026 gets underway, the Action Plan sets the tone. It's now on every board and every CISO to match it, with clarity and speed.