Cyber safe Scotland: understand current resilience and risks for your organisation
Tuesday 02nd December 2025
Scotland’s essential services are now a constant target for increasingly sophisticated cyber attackers. While the public sector is often the primary victim, the impact of these attacks cascades far beyond councils, health boards and emergency services. They can disrupt private sector supply chains, voluntary organisations and critical national infrastructure. The challenge for organisations in Scotland is to build a unified, cross-sector approach to defending the digital front line to minimise future major breaches.
Across Scotland cyber-attacks are growing in frequency, complexity and scale. Local authorities face attempted intrusions on a daily basis. NHS systems have already been brought down by ransomware, and public sector suppliers have been compromised to gain access to sensitive data. Adversaries range from organised criminal networks to state-sponsored actors, and the costs of a breach – financial, operational and reputational – are escalating. This is not simply an IT problem – it is a threat to service delivery, public trust, private business, third sector services and societal stability.
The reality is that the public sector’s cyber vulnerabilities are often magnified by its dependence on digital services, complex legacy systems and a vast network of third-party providers. Weaknesses in one organisation can provide a gateway into others, making supply chain and procurement security as important as defending internal systems. Without coordinated intelligence sharing and clear incident response capabilities, Scotland’s ability to contain the damage from cyber incidents is diminished.
Meanwhile, the human factor remains the most common entry point for cyber attackers. Phishing emails, credential theft and social engineering are exploiting gaps in awareness and training across every sector. Building a cyber-aware workforce is not just about technical skills – it is about embedding security culture into everyday decisions made by staff, managers, executives and boards.
At a time when public services are already under unprecedented operational and financial pressure, cyber resilience is both a defensive necessity and a matter of national security. To protect the continuity of health, education, transport, housing and social services, leaders must treat cyber threats as an urgent and shared challenge requiring joint action within and between public, private and the third sectors.
This conference examines the nature of the threats we face, how to respond when an incident occurs and what actions need to be taken to promote prevention and defence in cyber security before the worst can happen. It considers these themes in three sessions:
- Reviewing the threat landscape and intelligence
- Delivering incident response and continuity
- Developing and embedding a cyber-resilient culture
Topics to be discussed
- Reviewing the threat landscape and intelligence
- Emerging threat vectors
- The importance of threat intelligence and sharing
- Addressing specific threat profiles
- Delivering incident response and continuity
- Practical incident response
- Achieving business continuity post-incident
- SME and third sector resilience opportunities
- Developing and embedding a cyber-resilient culture
- The role of leadership and governance
- Cyber-aware workforce – critical first line defence
- Secure-by-Design procurement and tech
Who should attend
This conference is intended for all those with a role related to cyber security, resilience, business continuity and information security in any organisation in Scotland including, but not limited to,:
- Chief Executives, Directors and Board Members from public bodies, private companies, and third sector organisations
- CIOs, CISOs, Heads of IT, and Digital Transformation Leaders
- Risk, Governance and Compliance Officers
- Heads of Procurement, Supply Chain Managers and Contract Managers
- Senior Policy Makers in digital security, resilience and emergency planning
- Local authority leaders and service managers
- NHS board members, clinical directors and operational managers
- Police, fire and emergency service leaders
- Infrastructure and utilities providers
- Cyber security consultants, analysts, and training providers
Agenda
Tuesday 02nd December 2025
09:25 Chair's opening remarks
Session 1: Reviewing the threat landscape and intelligence
09:30 Keynote speaker – emerging threat vectors
- Rise of ransomware targeting public healthcare and charities
- Nation-state tactics against critical infrastructure
- Supply-chain attacks affecting SMEs
09:45 Question and answer session
09:55 The importance of threat intelligence and sharing
- Real-time alerting via National Cyber Security Centre
- Public-private sharing through CyberScotland Partnership
- Police Scotland intelligence coordination
10:10 Addressing specific threat profiles
- Healthcare ransomware incidents
- Cyber risks in local government systems
- Charity sector digital vulnerabilities
10:25 Question and answer session
10:40 Comfort break
Session 2: Delivering incident response and continuity
10:55 Practical incident response
- Designing and testing cyber incident playbooks
- NHS Scotland SOC procedures
- NCSC-Police Scotland coordinated response
11:10 Achieving business continuity post-incident
- Restoring public services after disruption
- Insurance claims and managing communications
- Learnings from NHS/charity cyber incidents
11:25 SME and third sector resilience
- Tailored incident plans for SMEs and charities
- Adoption of Cyber Essentials and CyberScotland tools
- Mutual-aid networks and community resilience
11:40 Question and answer session
11:55 Comfort break
Session 3: Developing and embedding a cyber-resilient culture
12:10 The role of leadership and governance
- Board-level cyber risk governance
- Aligning with ISO 27001 & cyber frameworks
- Scottish Government’s strategic oversight
12:25 Cyber-aware workforce – critical first line defence
- Staff engagement through training and simulations
- Embedding cyber in education and adult learning
- Cross-sector upskilling initiatives
12:40 Secure-by-Design procurement and tech
- Integrating cyber clauses into public tenders
- Vetting cloud and software providers
- Promoting secure DevOps and system architecture
12:55 Question and answer session
13:10 Chair's closing remarks
Speakers
Venue
This conference takes place online.
Fees
How to book
You can book to attend in 3 ways:
- Select book now on the right hand side of this page, fill in the form on that page and click the 'send booking' button
- Call 0131 556 1500
- Email mail@mackayhannah.com
Conference fees
- Delegate fee (includes video recording of the conference) – £169 +VAT
- Group discount – organisations booking 3 or more delegates will receive every third delegate place at half price (please complete further forms if necessary)
Please note – It is not permissible to share the recording. Please contact us if you wish to share it. See our terms and conditions for further information.
Payment
We do not currently accept payments online and will send you an invoice.
You have the option to pay by bank transfer or card.
Bank details will be included on the invoice.
If you wish to pay by card, please tick the appropriate box on the booking form and a member of our staff will contact you by telephone to take the payment. Alternatively you may call 0131 556 1500.
Terms and conditions
By placing this booking, you agree to our full terms and conditions – including those relating to cancellations – found via the link at the foot of our website.
