On 15 January 2026, Minister Liz Lloyd, the UK’s Minister for the Digital Economy, addressed the launch of the Software Security Ambassadors Scheme, highlighting the urgent need for strong software security and cyber resilience.
She opened by recalling a stark example from September last year: a ransomware attack on a major software supplier used by airports across Europe.
The attack didn’t target airports directly, but its impact was immediate and widespread.
Overnight, critical systems failed, flights were delayed, and staff had to resort to pen and paper. Thousands of travelers, workers, and families were affected.
This incident underscored a simple truth: a single weak link in software can ripple across entire sectors.
The Rising Cost of Cyber Breaches
Cyber attacks are no longer rare events.
In the UK, 43% of businesses experienced a breach or cyber attack in the past year, costing the economy an estimated £15 billion annually, roughly 0.5% of GDP.
As Minister Lloyd noted, the digital economy—including AI—offers enormous potential.
But growth depends on trust.
People need confidence that the technologies they use are safe, their data is secure, and businesses can operate without fear of disruption.
In other words, software security isn’t just technical—it’s a commercial imperative.
UK Cyber Security Strengths and Government Action
The UK is starting from a strong position.
Our cyber sector is the third largest in the world, with clusters of expertise in Cheltenham, Manchester, Belfast, and across Scotland.
Backed by over £210 million, the new Government Cyber Action Plan sets out strategies to strengthen digital resilience across the public sector.
Meanwhile, the Cyber Security and Resilience Bill aims to safeguard critical national infrastructure.
Letters have also been sent to FTSE 350 companies and smaller businesses, encouraging adoption of measures like Cyber Essentials, which reduce cyber insurance claims by 92%.
Global Standards and Codes of Practice
The government has partnered with the National Cyber Security Centre (NCSC), UK firms, and international organizations to set global standards for secure technology.
Initiatives like the AI Cyber Security Code of Practice and the PSTI Act have already raised the bar for secure software and consumer devices.
Minister Lloyd emphasized that as software underpins nearly every critical service—from healthcare to transport to national security—it’s fundamental to public trust and resilience.
In May last year, the Department for Science, Innovation and Technology and the NCSC published the Software Security Code of Practice, outlining minimum security expectations for software suppliers.
Building a Culture of Cyber Security
Security isn’t just about rules; it’s about culture.
Currently, only 21% of organizations consider cyber security when buying software.
Lloyd argued that relying solely on regulation or waiting for businesses to act isn’t enough.
Instead, the UK can celebrate industry leaders who are already modeling best practices—companies with dedicated cyber experts, strong communication between buyers and sellers, workforce training, and accountable leadership.
Launching the Software Security Ambassadors Scheme
To champion this culture, the Software Security Ambassador Scheme was launched.
Thirteen leading organizations have committed to the Code of Practice, including software vendors like Sage, Cisco, and Palo Alto Networks; buyers like Lloyds and Santander; and expert advisors such as Accenture, NCC Group, ISACA, ISC2, and Salus Cyber.
The goal is clear: spread best practices across the software sector, setting a voluntary standard much like the WHO’s hand hygiene code, which has become a global benchmark without legal enforcement.
A Clear Path Forward
The Code of Practice lays out 14 principles for secure software, providing a common understanding between vendors and buyers.
It’s already being implemented in the NHS, helping the public sector lead by example.
Minister Lloyd highlighted that success here could set a new international benchmark, boosting UK prosperity, growth, and resilience.
She concluded by reminding everyone that strong cyber security is about more than technology—it’s about protecting people, supporting businesses, and creating a safer, stronger future for the country.