Current status: Answered by Angela Constance on 24 July 2025
To ask the Scottish Government how it plans to ensure that (a) local authorities and (b) other public bodies are adequately resourced and supported to prevent, detect and respond to cyberattacks, particularly in the context of the Scottish Cyber Coordination Centre’s remit and the updated Public Sector Cyber Resilience Framework.
The public sector provides a range of digital public services and it is critical that these are secure and resilient.
The Scottish Government has been encouraging public sector organisations to adopt a proactive, risk based governance approach, with board-level accountability to build their cyber resilience.
To support the sector’s ability to prevent, detect and manage cyber threats, the Scottish Government has set out a framework that provides an approach for public bodies to follow. It includes guidance on how to:
Assess their cyber resilience maturity
Align with minimum security standards
Benchmark performance, and
Prioritise investment based on risk.
It is supported by practical tools such as self-assessment templates and critical systems mapping resources which enables organisations to identify needs, engage leadership and prioritise budget and support.
The Scottish Cyber Coordination Centre (the SC3) provides:
24/7 national incident response coordination
Daily threat intelligence and early warning notifications
Cyber exercising and preparedness programmes, and
Guidance on standards and best practice.
This national support is helping to equip our public bodies with the tools, intelligence and skills needed to build and maintain strong cyber resilience.