Cyber Scotland Week

By Paul Johnston (Director General, Education, Communities and Justice, Scottish Government) on 23rd Apr 2019

Today marks the start of our first ever Cyber Scotland Week, centred around the National Cyber Security Centre’s (NCSC) CYBERUK, taking place on 24-25 April in Glasgow.

This Scottish Government initiative raises awareness of the importance of cyber resilience to our citizens, businesses and charities, with a host of partner events taking place across our communities.

What do I mean by “cyber resilience”? Put simply, it means: being able to prepare for, withstand, rapidly recover and learn from deliberate attacks in the digital world. The Scottish Government absolutely recognises the enormous opportunities that digital technologies can bring for Scotland, and we are working hard to ensure that everyone can benefit from them. However, with those new opportunities come new risks and threats that must be identified, and carefully and effectively managed.

Scotland has an ambition to be a vibrant, inclusive, open and outward-looking digital nation. Our digital strategy sets out our plans for putting digital at the heart of everything we do – including the way in which we deliver inclusive economic growth, reform our public services and prepare our children for the workplace of the future. I view cyber resilience as a fundamental enabler to realising our digital ambitions.

I am delighted SCVO have championed discussion around encouraging people to explore, adapt, invest and collaborate to create a more digitally confident third sector in Scotland. The research shows that charities using new technology and the internet aren’t just reaching more people, they are also more efficient and effective. An investment in digital can enable more time to be spent making a difference for the individuals and communities that charities serve.

Our third sector are so very often our front line in delivering a range of key public services supporting our communities to flourish. People are also our strongest line of defence. To help them operate safely and confidently in the digital world, we need to create the conditions and culture that help to instil cyber resilient knowledge, attitudes and behaviours across the age spectrum.

That includes raising awareness of just how significant the growing cyber threat to charities is. The 2019 Cyber Security Breaches Survey, published earlier this month, found that 1 in 5 charities (and half of high-income charities) report having cyber security breaches or attacks in the last 12 months. When those attacks led to the loss of data or assets, the average annual cost to charities was £9,470.

Our Third Sector Action Plan on Cyber Resilience launched in June last year, as part of a suite action plans to help move Scotland as a whole towards greater cyber resilience by 2020. This resulted in the establishment of the Third Sector Cyber Catalyst group, which consists of organisations that have committed to becoming exemplars in cyber resilience and sharing knowledge and good practice.

For me, leadership and sharing of knowledge and good practice are fundamental to the successful development of a culture of cyber resilience in Scotland – and I would like to record my thanks to the catalyst organisations for their support for the group’s programme of work. You each have a key role in supporting the wider sector.

I am delighted Scottish Government have provided a £500,000 fund to help charities and small to medium-sized businesses to further improve their cyber security. If you are a charity, you may wish to apply for the SCVOgrants programme to enable your organisation to achieve Cyber Essentials accreditation.

During Cyber Scotland WeekI would strongly encourage organisations to consider their own cyber resilience and start the conversation about why everyone – donors, volunteers, employees and trustees - have a role to play in protecting the sector from cyber-related harm.

Scottish Government, SCVO and our Third Sector Cyber Catalysts are here to help you progress on your journey, whether this is around supporting your cyber resilience needs across operational, technical or governance measures. A wide range of excellent resources and support are also available online:

Or please get in touch with our Cyber Resilience Unit and we’ll do our best to help!