Strategic Framework for a Cyber Resilient Scotland - End Year Review 2023-24

Private Sector Action Plan and Achievements

The Private Sector Action Plan (2023-25) has 6 key objectives:

• Increase businesses’ understanding of cyber risks that may affect them.
• Improve cyber resilient behaviours of the private sector workforce.
• Build the professional skills of IT and cyber security staff across the private sector.
• Embed cyber security standards, regulations, and compliance across the private sector.
• Raise awareness of the cyber security goods and services and expertise available to all organisations.
• Support businesses to prepare for, respond to and recover from cyber incidents.

Key achievements in 2023/24 include:

• Scotland’s Cyber Cluster has seen significant growth over the last few years. The number of cyber security products and services companies has almost quadrupled from 102 in 2018 to 401 in 2024. We have funded ScotlandIS who manage the Cyber Cluster in Scotland to support the growth of the sector- including the skills, community, and culture to boost the cyber industry in Scotland and its wider international profile.
• Securing the Scottish Space Sector - we provided funding to drive adoption of Cyber Essentials (CE) across all 133 recognised space organisations in Scotland. Through this initiative, 83% of Scottish based space technology companies now have CE or equivalent.
• IT Managed Service Providers (ITMSP) Charter - we funded ScotlandIS (who manage the ITMSP Cluster in Scotland) to develop an ITMSP Best Practice Charter that will drive standards, ensure secure and trusted client services, and maintain high levels of cyber resilience. It has been adopted by 65 companies to date (just over 23% of ITMSP in Scotland).
• Cyber Incident Response Line - we funded Cyber and Fraud Centre Scotland to provide an Incident Response support for all organisations across Scotland. From April 2023 to March 2024, the Cyber Incident Response Service has provided support to 117 SMEs and charities impacted by cyber incidents, in addition to assisting 196 individual callers. The total financial fraud reported during this period amounted to £26.7 million, with a recovery of funds totalling £16.2 million.
• IOT Secure - we provided funding to CENSIS (Innovation Centre for Sensor and Imaging Systems) for the latest phase of the “IoT Secure Service.” From August 2023, CENSIS sought to address the common IoT Cyber Security challenges presented by start-ups and SMEs through one-to-one support, workshops and delivering events with members of Technology Scotland, IASME and STAC – Smart Things Accelerator Centre. This has broadened the outreach to over 65 additional people beyond the 11 SMEs directly supported.
• Cyber Security Awareness Conference - As part of CyberScotland Week 2024, we provided funding to Police Scotland to deliver a Cyber Security Awareness conference as part of the Greater Glasgow Partnerships with expert guest speakers from across the cyber network and local Cyber Security Businesses who exhibited at the event. Attendees included individuals from the private and public sectors, as well as colleges, universities, 4 council areas, banks, STV, SSE and the National Air Traffic Service (NATS).

Case Study – Securing the Scottish Space Sector

During this year, we have provided funding to establish a baseline of cyber security across the Scottish space ecosystem by driving up adoption of Cyber Essentials (CE) across all 133 recognised space organisations in Scotland.

Through this initiative, 83% of Scottish based space technology companies now have CE or equivalent.

This activity will support the adoption of cyber security measures in the Scottish Space Sector and its supply chain in line with NCSC (National Cyber Security Centre), DSIT and UK Space Agency regulations.