What you need to know about the Government's latest cyber action plan
Cyber action plan
Did you know that in the 2025 M&S cyberattack, the retailer's market capitalisation fell by around £1 billion?[1]
In that very same year, Jaguar Land Rover reported a pre‑tax loss of £485 million for the quarter. This proved to be a significant change from the £398 million profit it recorded in the previous year. Following the attack were weeks of disruption in which the company had to shut down its networks and pause its highly automated production lines.[2]
While large‑scale attacks often dominate the news, small and medium businesses continue to face significant cyber risk. In 2025, 42% of small organisations and 67% of medium‑sized ones experienced an attempted attack.[3]
Government efforts to crack down on cybercrime
As cyberattacks are becoming increasingly frequent and more damaging than ever before, the government has reacted by stepping up its response. Its latest move introduces new measures that are aimed at strengthening the security and resilience of public services through a dedicated Cyber Action Plan. This plan is designed to ensure people can use these services safely and with confidence.[4]
What's being introduced?
Through its new Cyber Action Plan, the UK government has allocated £210 million to help strengthen public services against cyber threats. This initiative includes:
Establishing a Government Cyber Unit that's responsible for setting compulsory security standards.
Coordinating incident response.
Offering expert guidance across central departments, local authorities, and the health sector.
The plan also brings in measures to tighten supply‑chain security and enhance an organisation's ability to detect and recover from attacks, ensuring essential services stay robust and dependable.
When will it happen?
The rollout is already underway and will be released across three stages between now and 2029. The first phase, running until March 2027, puts a focus on setting up governance structures and establishing baseline cybersecurity standards. The second phase will expand delivery by introducing more advanced tools, improving threat monitoring, and developing the cybersecurity workforce. From 2029 onwards, the third phase will concentrate on ongoing improvement, strengthening supplier resilience, and embedding cyber skills throughout the public sector.[5]
Overall, the plan raises the bar for security and accountability, setting new expectations for every organisation that works with or relies on government services.
How Edwards Insurance Brokers can help your business
Cyber insurance help businesses with a wide range of cover features that are intended to strengthen your resilience recovery following an attack. While policies can look different, your cover can include:
Access to specialist cyber security tools and expert advice to support prevention, response, and recovery.
Financial protection for legal costs, reputational damage, loss of data, damage, and business interruption.
Because supply chains are affected, cyber incidents don't just affect the business targeted – they create a ripple effect across those in the chain. That's why it's important to consider cover that includes legal support, PR assistance, and interruption protection as part of a well-rounded defence strategy.
Want to know more?
Get in touch today to find out how cyber cover can help you stay ahead of growing cyber threats.
[1] techradar.com/pro/security/m-and-s-hack-may-have-been-caused-by-security-issues-at-indian-it-giant-tata-consultancy-services
[2] https://www.bbc.co.uk/news/articles/ckg1w255gy1o
[3] https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2025/cyber-security-breaches-survey-2025
[4] New cyber action plan to tackle threats and strengthen public services - GOV.UK