CyberScotland Bulletin - May 2025 30/05/2025

CyberScotland updates

News from CyberScotland and our Partner network

Free cyber training for Scots colleges and unis

The Scottish Government has announced Cyber Resilience and You!, a free cyber training resource designed for students across Scotland that teaches them how to tackle cyber threats relevant to student life.

New CEO announced for Cyber and Fraud Hub

Alex Dowall has been announced as the new CEO of the Cyber and Fraud Hub as it approaches its first anniversary. Alex brings over 30 years of policing experience to his new role, including his time as a Detective Superintendent with Police Scotland. Alex will support the continued growth of the Hub.

Free cyber support for third sector

CyberScotland Partnership is partnering with the Scottish Council for Voluntary Organisations and IASME to offer third sector organisations in Scotland access to free expert cyber support to improve, or assure, their protective measures and help keep their organisation safe online. Availability is limited, so if you’d like to get involved apply now: https://iasme.co.uk/scvo-funded-initiative

Young Scot reveals Truth About Youth 2025 survey results

Young Scot has revealed the findings of its 2025 Truth About Youth survey, which covered a wide range of topics to provide an overview of the key issues facing 11 to 25-year-olds in Scotland right now. When asked if they had ever been a victim of a cyber crime, 13% said yes, 70% said no and the other 17% were unsure. Comments about the type of cyber crime faced included bullying, attempted bank account hacking, use of personal details, blackmail on social media and misleading costs online.

UK Government publishes Cyber Governance Code of Practice

The UK Government has published its Cyber Governance Code of Practice. This Code of Practice and wider governance package shows boards and directors how to manage digital risks and protect their businesses and organisations from cyber attacks.

UK Government launches Call for Views on Enterprise Connected Device Security

The UK Government has launched a Call for Views on the security of Enterprise Connected Devices also known as IOT devices. The include devices used by businesses and organisations such as office printers, internet-connected telephones, building entry systems and room booking systems. The call for views closes on 7 July 2025.

Cyber and Fraud Centre Scotland announce first strategic partner

The Cyber and Fraud Centre Scotland has announced its first strategic partner, Aspire Technology Solutions.  This partnership will see Aspire play a pivotal role in strengthening cyber resilience across Scottish organisations, with a particular focus on senior leadership through the Cyber Executive Education Programme.

Registration open now for Cyber Executive Education Programmes

The Cyber and Fraud Centre Scotland has announced the next in their Cyber Executive Education Programmes. These one day courses equip CEOs, Directors, and Non-Executive Directors with essential frameworks and best practices to manage cyber security-related risks, and aims to increase knowledge of potential threats to an organisation.

In other news…

Cyber security news from Scotland and the rest of the UK

Retail giants face delays and stock shortages after cyber attacks

The media has been filled with news of cyber attacks on retailers Marks & Spencer, Co-Op and Harrods. These attacks have resulted in stock shortages, issues with card payments and returns, staff not being able to access vital systems and much more. These are ongoing and the impacted organisations are updating customers and staff as and when possible.

Schools targeted by cyber attacks

The City of Edinburgh Council and West Lothian Council both experienced cyber attacks in schools this month, which affected students during exam season. Some students had to come into school at the weekend to reset passwords and had their exam revision disrupted.

Survey reveals businesses are deprioritising security

The Department for Science, Information and Technology’s (DSIT) Cyber Security Breaches Survey 2025 found that UK businesses are taking less responsibility for cybersecurity at the board level. Board-level responsibility for cyber security has steadily declined among businesses since 2021 (38% of businesses had a board member with responsibility for cyber security in 2021, compared to 27% in 2025).

Are passkeys the future?

For World Password Day earlier this month, Thales’ 2025 Digital Trust Index found that nearly half of customers would trust a brand more if they adopted passkey technology. The UK Government is pioneering a global move away from passwords and the NCSC has joined the FIDO Alliance to shape international passkey standards The FIDO Alliance has now officially rebranded the day as World Passkey Day.

New report reveals gaps in cyber-resilience

As AI technologies fuel increasingly sophisticated attack methods, 59% of executives say it is becoming harder for employees to distinguish between real and fake threats. Level Blue unveiled its 2025 Futures Report: Cyber Resilience and Business Impact report also found that AI continues to generate excitement and transformative potential, as organisations are pressing ahead with innovation, despite heightened security concerns. According to the report, 29% of executives say they are reluctant to implement AI tools and technologies due to cybersecurity risks.

Romance scams rise by 20%

Romance scam reports have risen 20% in the first quarter of 2025 year-on-year. Barclays found that one in ten UK adults have been targeted by a romance scam, or know someone who has been targeted. On average last year, victims lost £8,000, which increased to £19,000 for those 61 and over.

Find out how to protect yourself: https://www.cyberscotland.com/secure-finance/

NatWest is facing 100 million cyber attacks every month

NatWest banks, including Royal Bank of Scotland, are facing 100 million cyber attacks attempting to breach its defences every month, Holyrood's Criminal Justice Committee has been told.

The CyberScotland bulletin is a monthly roundup of news and updates on cyber security and resilience with a particular focus on Scotland. Feel free to forward it to anyone in your network who might benefit from it.

Please ensure you only take information from trusted sources. The NCSC has a useful glossary of cyber terms you may wish to reference while you read the bulletin.

Follow CyberScotland on social media for more regular updates:

Copyright © 2024 CyberScotland Partnership, all rights reserved.
You are receiving this email as you are subscribed to CyberScotland Bulletins.