The UK publishes a new Government Resilience Action Plan

The UK Government Resilience Action Plan is a comprehensive strategy designed to enhance the nation’s preparedness, response, and recovery capabilities across a broad spectrum of risks, including biological security, catastrophic emergencies, and societal vulnerabilities. The policy emphasises a whole-of-society approach, with clear roles and responsibilities, leveraging digital systems and data-sharing tools to improve coordination among local, regional, and national responders.

The Resilience Action Plan sets out three main goals to be applied across all highlighted sectors: continuously assess how resilient the UK is, enable the whole of society to act and strengthen the core public sector. These goals are England specific but with the commitment to working with and across all UK nations.

Look into each objective:

Objective 1: Continuously assess how resilient the UK is to target interventions and resources

• • Assess UK resilience through three main actions:
    • Evaluate risks within the context in which they arise, identifying key risk drivers.
    • Identify weaknesses in current resilience systems to improve preparedness and response.
    • Develop a comprehensive, system-wide resilience assessment framework.
  • Key initiatives to deliver this:
    • Expand the Risk Vulnerability Toolkit to analyse crisis scenarios and identify vulnerable groups, improving emergency planning.
    • Publish a Chronic Risk Analysis with guidance for national and local resilience planning against long-term systemic risks.
    • Enhance data-sharing tools like the Risk Vulnerability Tool, RaIN, ResilienceDirect, and the National Situation Centre to improve decision-making and risk response coordination.
    • Measure resilience through a consolidated, data-driven resilience baseline, developed with the UK Resilience Academy.
    • Create a Cyber Resilience Index to assess cyber vulnerabilities across CNI sectors, informing targeted interventions under the upcoming Cyber Security and Resilience Bill.

Objective 2: Enable the whole of society to take action to increase their resilience

 Essential actions:

• Promote individual, household, community, and business preparedness through GOV.UK/Prepare and regular public updates.
• Publish annual public surveys to track risk perception and resilience levels.
• Engage VCFS groups to communicate key resilience messages and improve support for vulnerable communities.
• Strengthen partnerships between emergency responders and community organisations.
• Develop a CNI Knowledge Base to map vulnerabilities and interdependencies across the UK’s 13 Critical National Infrastructure sectors.
• Equip the private sector with preparedness guidance, targeted risk information, training via the UK Resilience Academy, and resilience tools like the Supply Chain Centre and Economic Security Advisory Service.

Objective 3: Strengthening the public Sector resilience system

Essential actions:

• • Clarify roles and responsibilities in the public sector resilience system through updated guidance, expectations, and legislation covering every stage of the risk management cycle.
  • Improve connectivity and coordination by upgrading digital tools (such as ResilienceDirect, RaIN, National Situation Centre) and increasing real-time data-sharing to support faster, more effective decision-making.
  • Enhance the quality of public sector resilience work through:
    • The Stronger LRF Trailblazers programme to pilot new models of local resilience leadership.
    • Expanded training and learning opportunities via the UK Resilience Academy.
    • Improved access to scientific, technical, and resilience expertise to inform emergency planning and response.

The Role of Cyber Resilience within the Resilience Action Plan:

Cyber security is positioned as a core component of the UK Government Resilience Action Plan, woven throughout its risk management, infrastructure protection, and public sector readiness objectives. The plan identifies cyber threats — particularly to Critical National Infrastructure (CNI) — as a fast-growing, complex risk with significant potential for national disruption.

To address this, the Plan references ongoing measures aimed at strengthening the UK’s cyber resilience. These include the Cyber Security & Resilience Bill and proposed legislation to counter ransomware threats.

One key announcement is the creation of a Cyber Resilience Index (CRI) which will holistically measure and target improvements in CNI cyber defences. The CRI’s main function will be to address the evolving nature of threats acknowledging that much of the UK’s CNI is struggling to keep pace with the shifting risk landscape.

To ensure the CRI is effective, government must clearly outline how it will align with the upcoming Cyber Security & Resilience Bill and ongoing government initiatives to improve the UK’s cyber resilience.

The plan also commits to improving data sharing, digital tools, and incident reporting mechanisms across government and responder organisations, while leveraging the UK Resilience Academy to expand cyber risk training and preparedness exercises. These efforts align with broader objectives to strengthen resilience against both acute incidents and chronic risks, recognising that as society becomes increasingly interconnected and technology-dependent, cyber resilience underpins the functionality of essential services, national security, and economic stability.

The Plan recognises the need for a whole-of-society approach to address cyber threats, through training, exercising and governance. techUK looks forward to working closely with government to represent the voice of industry during the implementation of the Plan.