UK’s National Cyber Action Plan Delayed Amid Labour Leadership Crisis

Published:

spot_img

UK’s National Cyber Action Plan Delayed Amid Labour Leadership Crisis

Britain’s National Cyber Action Plan, a crucial initiative aimed at bolstering the economy against state-sponsored and criminal cyber threats, has been postponed once more following the resignation of Prime Minister Keir Starmer. This delay has raised concerns about the government’s commitment to cybersecurity amid political upheaval, as the Labour Party prepares for a leadership contest set to commence on July 9.

The plan was originally slated for publication on Monday, but sources indicate that the uncertainty surrounding the Labour Party’s leadership transition has prompted this latest postponement. A government spokesperson reaffirmed the administration’s dedication to releasing the National Cyber Action Plan, emphasizing that “protecting national security is our first duty.” The spokesperson highlighted ongoing efforts to enhance cybersecurity through the Cyber Security and Resilience Bill and the national Cyber Resilience Pledge, which aims to improve the security posture of businesses across the country.

Despite the delay, a significant component of the initiative is expected to proceed. On Tuesday, several FTSE 350 companies are anticipated to sign the Cyber Resilience Pledge, a voluntary commitment designed to strengthen their digital defenses.

Background and Context

Initially conceived as an update to Britain’s National Cyber Strategy 2022, the National Cyber Action Plan was first promised by then-Chancellor of the Duchy of Lancaster, Pat McFadden, with a target release date before the end of 2025. By April 2026, the timeline had shifted to “this summer,” as stated by Security Minister Dan Jarvis, and the document was rebranded from a “strategy” to an “action plan.”

McFadden’s announcement took place in Manchester, the city whose former mayor, Andy Burnham, is now the frontrunner to succeed Starmer following the Makerfield by-election that preceded the Prime Minister’s resignation. As of now, no other candidates have emerged for the leadership position.

The National Cyber Action Plan represents yet another element in the British government’s broader cybersecurity policy framework that has faced delays, raising alarms about potential political disinterest in cybersecurity issues.

The Cyber Security and Resilience Bill, which aims to update the country’s critical-infrastructure cyber laws, took over four years to reach Parliament and is not expected to be enforced until 2028—ten years after the NIS Regulations it was intended to replace. The core provisions of the CSRB were completed in 2022 under Rishi Sunak’s administration, which inaccurately described the laws as “updated” before failing to include them in that year’s King’s Speech, ultimately leaving the draft bill unintroduced.

When Starmer’s government initially sought to advance the bill in September 2025, it faced another delay amid a cabinet reshuffle. Additionally, a set of ransomware proposals—including mandatory reporting for all victims and a licensing regime for extortion payments—was scheduled for consultation in mid-2024 but was derailed when Sunak called a general election.

Political Implications

The ongoing delays are likely to exacerbate concerns that cybersecurity is not a priority within Westminster. During the 2024 election campaign, a ransomware attack on the pathology provider Synnovis, attributed to the Russia-linked Qilin group, forced London hospitals to declare a critical incident, resulting in the cancellation of operations and appointments. Despite the incident’s significance, neither of the main political parties addressed the attack in detail during their campaigns.

Jamie MacColl, a research fellow at the Royal United Services Institute, noted that until a major incident occurs, cybersecurity is unlikely to receive the attention or political will it requires. Tim Stevens, who leads the cybersecurity research group at King’s College London, remarked that cybersecurity has “always been a de-politicized” issue in Britain, often treated as “low politics.” He cautioned that once cybersecurity becomes a political issue, failure to address it could have severe repercussions.

In September 2025, a cyberattack on Jaguar Land Rover, one of the UK’s largest manufacturers, halted all vehicle production for over a month. The Cyber Monitoring Centre labeled this incident as the most economically damaging cyber event in UK history. The shutdown reportedly cost the British economy £1.9 billion ($2.5 billion) and affected over 5,000 organizations within JLR’s supply chain. The company itself later disclosed losses of £680 million ($896 million). The government intervened to underwrite a £1.5 billion ($2 billion) loan to assist JLR in supporting its suppliers, even as the Cyber Security and Resilience Bill remained unintroduced.

Structure of the National Cyber Action Plan

While the specific contents of the National Cyber Action Plan have not been officially disclosed, it is understood to focus on three key pillars: Threat, Growth, and Resilience. The most public indication of the government’s approach emerged from a lecture delivered by Richard Horne, chief executive of the National Cyber Security Centre (NCSC), to the Royal United Services Institute (RUSI) in June, just weeks before the plan’s intended launch.

Horne emphasized the need for a comprehensive strategy across what he termed the “near, mid, and far spaces” of cyberspace. The “near space” pertains to the defense of individual organizations, while the “far space” involves offensive actions against adversaries. The “mid space” encompasses shared cloud, technology, and telecommunications infrastructure, much of which is in private hands. In this context, the government aims to partner with providers to “harden the mid space and disrupt attacker activity.”

Horne also indicated that the NCSC is working toward a National Cyber Defense Capability to synchronize intelligence and actions across the far, mid, and near spaces in real time. Between June 2024 and May 2026, the NCSC managed over 200 incidents affecting critical national infrastructure, with 75% linked to state actors.

Another significant aspect of the action plan is the Cyber Resilience Pledge, which will require companies to elevate cybersecurity to a board-level responsibility, participate in the NCSC’s Early Warning service, and obtain Cyber Essentials certification across their supply chains. Government ministers have reached out to the chairs and chief executives of hundreds of firms, including all FTSE 350 companies, urging them to sign the pledge. The launch event on Tuesday is still expected to proceed, although the attendance of these companies remains uncertain.

Source: therecord.media

Keep reading for the latest cybersecurity developments, threat intelligence and breaking updates from across the Middle East.

spot_img

Related articles

Recent articles

North Korea-Linked npm Packages Masquerade as Rollup Polyfills to Exfiltrate Developer Secrets

North Korea-Linked npm Packages Masquerade as Rollup Polyfills to Exfiltrate Developer Secrets Recent cybersecurity developments have revealed a new wave of malicious npm packages linked...

HPE Advances Virtualisation Strategy to Combat Rising Costs and Meet AI Demands

HPE Advances Virtualisation Strategy to Combat Rising Costs and Meet AI Demands As enterprises grapple with escalating licensing costs, increasing demands for artificial intelligence (AI),...

Lenovo Strengthens Security Services with Revamped Cyber Resiliency Framework to Cut Downtime by 50%

Lenovo Strengthens Security Services with Revamped Cyber Resiliency Framework to Cut Downtime by 50% Lenovo is enhancing its global Security Services portfolio with a comprehensive...

US Lifts Export Controls on Anthropic’s Fable 5 Cybersecurity AI Model After Three-Week Shutdown

US Lifts Export Controls on Anthropic's Fable 5 Cybersecurity AI Model After Three-Week Shutdown In a significant development for the cybersecurity landscape, Anthropic has restored...