CyberScotland updates
News from CyberScotland and our Partner network
CyberScotland Partnership appoints new Chair
The CyberScotland Partnership has appointed Theresa Swayne, Head of digital economy at Highlands and Islands Enterprise, as its new Chair. Theresa succeeds Karen Meechan and brings experience in digital transformation, economic development and cyber resilience across Scotland’s public and private sectors. She said she was especially pleased to take on the role, given that Highlands and Islands Enterprise is one of the Partnership’s founding members, and that she looks forward to helping drive forward Scotland’s ambition to be one of the most cyber resilient nations in the world.
Five Eyes cyber agencies issue joint warning: AI is transforming the threat landscape - and leaders must act now
The cyber security agencies of the UK, US, Australia, Canada and New Zealand have published a warning that AI is fundamentally transforming cyber risk - and that the window for organisations to act is measured in months, not years. The statement, issued on 22 June, calls on boards and senior leaders to treat cyber resilience as a core business responsibility rather than a technical one, warning that frontier AI models are already lowering the barrier for attackers and accelerating the speed and complexity of threats.
SCVO: AI use has surged in charities, but safety debate shows digital challenges run deeper
A new blog from SCVO has found that over 90% of charity staff now say they are using AI in their work - up from around 33–45% just a year ago. But while individual use has taken off, most organisations still have no AI policy or strategy in place, meaning staff are experimenting in isolation rather than sharing what they learn. SCVO's digital lead John Fitzgerald argues that the fix is straightforward: make AI experiments a team activity, share both successes and failures, and use a simple scorecard to capture what works. In addition to John’s advice on AI, the NCSC advice is on ensuring that cyber threat is a core business responsibility.
CYBERUK 2026 – CyberScotland Pavilion and CyberScotland Street
CYBERUK is the UK government’s annual flagship cyber security conference delivered by the National Cyber Security Centre. It is an opportunity for cyber security leaders and technical professionals to shape the future of the cyber security ecosystem across the UK and beyond.
CYBERUK 2026 was held at the SEC in Glasgow between 21-23 April 2026. The Scottish Government was proud to support the event through sponsoring CyberScotland Street and Pavilion which showcased Scottish-based cyber security companies and the CyberScotland Partnership. It showcased our collaborative efforts to make Scotland a cyber resilient nation.
Watch our video recap of the event, including interviews with industry leaders about the challenges and opportunities facing Scotland: https://www.cyberscotland.com/cyberuk
Glasgow firm behind relaunch of national police cyber monitoring platform
Glasgow-based IT consultancy Waterstons has led the relaunch of Police CyberAlarm, a free national service run by the City of London Police and used by Police Scotland that helps organisations monitor for and report suspicious cyber activity. The updated platform introduces a more straightforward registration process, new scanning tools to check for weaknesses in internet-facing systems and public websites, and improved reporting. In its first month, thousands of organisations signed up, reflecting strong demand for accessible, no-cost cyber protection. Organisations across Scotland can register at cyberalarm.police.uk
NCSC chief warns hostile states behind three-quarters of attacks on UK critical services
Speaking at the RUSI Annual Security Lecture on 17 June, National Cyber Security Centre (NCSC) Chief Executive Dr Richard Horne revealed that more than 200 cyber incidents affecting the UK’s critical infrastructure were managed by the NCSC in the year to May 2026, with around 75% believed to be linked to state actors including Russia, China and Iran. Horne argued that cyber security should no longer be treated as a “risk to be managed” but as an active contest, warning that vulnerabilities organisations tolerate today will be exploited in future conflict. He also cautioned that AI is likely to accelerate the threat, with the NCSC assessing it as “highly likely” that AI-enabled attacks will target weaknesses in ageing UK infrastructure by 2028.
SCVO calls on Scotland's charities to treat digital confidence as a core responsibility
SCVO has published its fourth digital Call to Action, setting out a practical roadmap for how Scotland's voluntary sector can strengthen its digital capability in 2026 and beyond. The report argues that digital and technology are no longer optional or back-office concerns but shape how people find help, how services are delivered, how trust is built and how risk is managed. On cyber security specifically, the Call to Action urges charity boards to treat it as a governance priority rather than an IT problem, warning that cyberattacks are becoming more widespread and sophisticated and that losing access to core digital services would pose a catastrophic risk for most organisations. The report sets out eight themes for action - from AI and data governance through to infrastructure and communications - with practical guidance tailored to organisations of all sizes.
Scottish SMEs still underestimating cyber threat, firm warns on tenth anniversary
Stirling-based cyber security firm Net-Defence is marking its tenth anniversary with a warning that too many Scottish small businesses are still delaying investment in cyber security, assuming they are too small to be a target, or relying on protections that are out of date. In a blog published by ScotlandIS, the firm notes that AI is raising the bar, enabling criminals to run more convincing and more frequent phishing attacks at a scale that was not possible even two or three years ago. The warning comes despite a year of high-profile incidents that demonstrated in clear financial terms the cost of being underprepared. Remember that the NCSC offers a free toolkit for businesses to think about the cyber risks. Link here: Cyber Action Toolkit