Strategic Framework for a Cyber Resilient Scotland - End Year Review 2023-24

Third Sector Action Plan and Achievements

The Third Sector Action Plan (2023-25) has 6 key objectives, and these are that third sector organisations:

• embed cyber resilience into their governance, policies and processes
• improve their understanding of cyber risks
• advance their cyber assurance by embedding cyber security standards, regulations and compliance
• improve their staff’s cyber resilient behaviour
• increase opportunities for professional development of IT and cyber security staff
• prepare for, respond to, and recover from cyber incidents.

Key achievements in 2023/24 include:

• We funded a third sector cyber resilience development officer within the Scottish Council for Voluntary Organisations (SCVO) who came into post in October 2023 to drive up cyber resilience capabilities across the third sector. A third sector steering group has been established to set out the priorities within the Third Sector Action Plan and to work collaboratively across the sector.
• We funded the Cyber Resilience Conference for the third sector during Cyber Scotland Week 2024 in Edinburgh which was attended by 120 delegates. Each delegate was offered the chance to access a free NCSC assured cyber awareness training course. 100% of respondents felt the conference was worthwhile and pitched at the right level.
• With the NCSC Exercise in a Box toolkit we have helped third sector bodies improve their cyber incident response planning. This was delivered by the Cyber and Fraud Centre Scotland (CFCS), and between August 2023 and March 2024, 66 third sector organisations from health, housing and social care took part in 37 Exercise In a Box sessions. We funded the Stirlingshire Voluntary Enterprise to deliver cyber security awareness training. It reached 300 individuals from disadvantaged communities and included 2 online sessions for 23 people recovering from trauma, sessions for 100-150 individuals in rural communities, and sessions for 10 young people aged 12-26.
• We funded the Central and West Integration Network to deliver the Internet Security Project which included computing classes to individuals in the centre and west end of Glasgow whose first language is not English. A Cyber Security Booklet was published in multiple languages including Persian and Arabic and 38 participants attended the classes.

Case Study – ScotlandIS/SCVO - Third Sector Cyber Resilience Conference

We funded ScotlandIS, in collaboration with SCVO to host a conference during Cyber Scotland Week 2024 which was specifically designed for the third sector Sector in Scotland. The Cabinet Secretary for Justice and Home Affairs was the keynote speaker at the event. The conference was designed to empower third sector organisations to protect themselves against cyber threats. Participants gained practical insights, actionable strategies, and access to resources that will enable them to develop robust cyber security measures within their organisations.

120 delegates attended on the day with each delegate offered the chance to access a free NCSC assured cyber awareness training course. The conference received excellent feedback.