The Government Cyber Profession, which is co-branded with the Department for Science, Innovation and Technology and National Cyber Security Centre, will establish a ‘cyber resourcing hub’ to “streamline” recruitment and create a “clear career framework” aligned with UK Cyber Security Council professional standards. It will offer what the government described as a “competitive total employee offer”.

A cyber academy, and an apprenticeship scheme, are also being set up, while greater focus is to be placed on providing “structured career pathways to strengthen long-term capability across the public sector,” according to a government announcement on 26 February.

The cyber profession’s primary hub will be at the Manchester Digital Campus in North West England. The office complex currently under construction on a former retail park will house staff from a number of civil service departments.

Details on the cyber profession’s governance and leadership are yet to be announced.

Innovation, taking place on 24 and 25 March 2026 in London, is a unique exhibition and conference that brings together government leaders from across the globe responsible for the transformation and acceleration of their public sector organisations and services. Co-hosted by the UK Government, UK Civil Service and the Cabinet Office, it covers innovation across a range of topics, including data, digital transformation, workforce, culture, sustainability, and more. Find out more about Innovation 2026 and register to attend here

Government sets out cyber action plan

A National Audit Office report published in January 2025, found that the cyber threat to government was “severe and advancing quickly”, with skills gaps the biggest risk to building cyber resilience.

The Government Cyber Action Plan, published last month, similarly highlighted that “demand for cyber security and resilience skills across government is growing faster than the supply of available talent”.

“Leaders, functional professionals and the wider workforce lack understanding of cyber risks and business impact,” the action plan – which is backed by more than £210m (US$279m) of government funding – stated, rolling the turf for the establishment of the Government Cyber Profession.

“Specific public sector challenges include pay and inconsistent approaches to career development,” the action plan stated. “Leaders and enabling professions also suffer from an insufficient understanding of cyber security and resilience, leading to de-prioritisation, underinvestment and inadequate security rigour in general business practices.”

In the government’s announcement last week, Dr Richard Horne, chief executive of the National Cyber Security Centre, said: “Cyber security is more consequential than ever today, with attacks in the headlines showing the profound impacts they can have on people’s everyday lives and livelihoods. As our public services continue to innovate, it is vital that they remain resilient to evolving threats and vulnerabilities are being effectively managed to reduce the chances of disruption.”

He added: “The Government Cyber Action Plan is a crucial step in building stronger cyber defences across our public services and the launch of the Government Cyber Profession will help attract and retain the most talented professionals with the top-tier skills needed to keep the UK safe online.”

UK government professions explained: Those in key government ‘professions’ work across government on behalf of departments, agencies and functions to develop specialist skills and knowledge, set standards and map out public servants’ potential career progression. There are 32 professions in the UK government, split into four types: operational delivery, policy, functional and specialist.

Vulnerability Monitoring Service results

The government used the 26 February announcement to highlight that a cyber Vulnerability Monitoring Service (VMS) – launched last year to “reduce cyber risks and speed up fixes” – has “cut cyber-attack fix times by 84%”.

The service, run by the Department for Science, Innovation and Technology (DSIT), was introduced as part of the ‘blueprint for modern digital government’ in January 2025.

Its creation “means serious security weaknesses in public sector websites are fixed six times faster – cutting the average time from nearly two months to just over a week”, according to the announcement. It is the first time the government has reported publicly on the service’s impact.

The VMS continuously scans 6,000 UK public sector bodies, detecting about 1,000 different types of cyber vulnerabilities, the government stated, adding that when a weakness is identified, the service alerts the relevant organisation with “specific, actionable” guidance and “tracks progress until the issue is resolved”.

“The vulnerabilities are in the Domain Name System (DNS) – the internet’s address book that turns website names into the numbers computers use to find them,” the government explained. ‘Weaknesses in DNS can allow attackers to redirect users to fraudulent sites, steal sensitive data, or take services offline entirely – with potentially serious consequences for anyone relying on government services.”

The government said that, before the service launched, “a weakness in a government DNS record could go unnoticed for nearly two months – long enough for a hostile actor to redirect someone trying to access a government service to a fake site designed to steal their personal details, intercept sensitive communications, or disrupt services that people rely on”. The VMS has “closed this window down to eight days”.

Government Cyber Unit

Central to the Government Cyber Action Plan is the creation of a Government Cyber Unit, located within DSIT.

This new unit will be responsible for driving cyber security and “resilience transformation” across government and the public sector.

“Cyber risk to the public sector remains high,” the government said in a press release accompanying the action plan.

“The plan responds with £210m (US$279m) to spark a step change in public sector cyber defences, holding organisations to account for fixing vulnerabilities. This includes setting clear minimum standards and investing in more hands-on support to minimise the impact when incidents do occur,” the release stated.

“Cyber resilience is central to the government’s mission of national renewal,” it continued. “Secure, reliable digital public services help protect citizens, support growth, and deliver better value for taxpayers, while maintaining trust in the services communities rely on every day.”

The National Cyber Security Centre, which is located in London, is the UK’s “technical authority” for cyber incidents. It is part of GCHQ, one of the UK’s security services, and was formed in 2016 to provide a unified national response to cyber threats.

This article was originally posted on the website of our sister title, Global Government Finance. Sign up to the Global Government Finance newsletter.

Source link