Why cyber criminals pose a real risk to Scotland’s renewable energy boom

This week is CyberScotland Week, an annual event which sees individuals, organisations and communities from across Scotland coming together to host their own events and share information, all with the aim of improving the country’s collective cyber resilience.

Now in its seventh year, the event comes as the threat of cyber attacks – to people, businesses and our communities – rises relentlessly. In 2023 and 2024, Police Scotland recorded an estimated 16,890 cyber-crimes – that’s an average of more than 20 a day, and a 13 per cent increase on the total in 2022 and 2023.

The theme of CyberScotland Week this year is “can’t hack it?!?” which, instead of focusing on the threat, emphasises the simple, everyday actions all of us can, and must, take to make us more cyber resilient.

Big plans

The Scottish Government has ambitious aims to make Scotland a leader in the global growth sectors of renewable energy and digital technology.

Work is well underway to establish the infrastructure that’s necessary to make this vision a reality: GB Energy is set to be headquartered in Aberdeen as renewable energy projects are delivered at pace across the country; and figures recently showed that tech start-ups on a Scottish Government scheme raised £66 million in public and private investment over the last year, while UK Prime Minister Keir Starmer last month noted Glasgow’s potential to become an AI hub.

But Scotland will not be able to grasp these opportunities, let alone reap the resulting benefits, without robust cyber security and resilience against the accelerating threats.

Scotland is not alone in facing this – it is an escalating global concern. As the world becomes increasingly digitally connected, not only is the risk increasing, but the very nature of cyber attacks is evolving.

Threefold rise in severe cyber attacks

With critical infrastructure, supply chains, business operations and people’s everyday lives becoming more and more digitalised every day, we see how cyber attacks can – and do – impact more than just IT systems and data.

Our work to combat the threat is also part of the UK-wide effort to strengthen the nation’s security. By October 2024, the UK’s National Cyber Security Centre (NCSC) reported that it had already responded to 50 per cent more nationally significant incidents that year compared to 2023, as well as a threefold increase in severe incidents.

Just last month, the National Audit Office published a report which warned that the cyber threat to the UK Government is “severe and advancing quickly”, that the government’s cyber resilience levels are lower than it previously estimated, and that building resilience is vital. The Scottish Government works closely with the NCSC and law enforcement partners to coordinate our efforts to address this crisis.

At home in Scotland, the high-profile attack on NHS Dumfries and Galloway last year is just one of countless examples of the threats we face, in particular to our critical national infrastructure. And the impacts of such attacks are stark: the University of the West of Scotland, which was hit in 2023, recently revealed that the attack was a major contributor to the £14m budget deficit it posted for its last financial year.

Training to face the threats

But we have made significant progress in recent years. During 2023 and 2024, 77 per cent of public sector boards received appropriate training on cyber awareness, helping to ensure that cyber risk is being managed as a business risk at senior levels. Our public sector IT staff are receiving training too, with over 290 courses accessed for certified cyber upskilling through a Scottish Government-backed fund, strengthening our skills base across Scotland.

In the private sector, the Cyber and Fraud Centre Scotland launched the cyber MOT at the end of last year, a free tool that is helping budget-conscious businesses identify the gaps in their online defences.

Government and law enforcement clearly have a significant, leading role to play, but we cannot face this challenge alone: cyber security is a challenge that demands vigilance, collaboration, and proactive engagement from all sectors and stakeholders. That includes businesses in all industries, and people from all walks of life.

The more we embed and normalise cyber-secure behaviours in our work and personal lives, the better equipped we will all be to face the cyber threat head on, together. At a national level, the Scottish Cyber Coordination centre has been established to better coordinate national incidents, and share early warnings of threats and intelligence.

A shared duty

In today's interconnected world, cyber resilience is not just government’s responsibility but a shared duty for all individuals and organisations. While government initiatives and regulations play a crucial role in safeguarding our digital infrastructure, the reality is that we cannot achieve this alone. Every citizen, business, and community must actively participate in building a culture of cyber awareness and resilience.

By collectively adopting best practices, staying informed about emerging threats, and taking proactive steps to protect our digital assets, we can create a robust defence against cyber threats.

Cyber security is everyone's responsibility, and together, we can make Scotland a digitally secure, resilient and prosperous nation.

Alan Gray is head of national cyber security and resilience at the Scottish Government. CyberScotland Week 2025 runs until Sunday, March 2