Police Scotland needs to invest £206 million in its computer systems to adequately tackle the threat of cyber crime, according to the force’s deputy chief officer.
Appearing before the SPA (Scottish Police Authority) board last month, David Page said the necessary improvements were now seven years overdue. He added:
What we try to be very clear on here is the risk of not doing this. Our officers and our staff have been struggling for six years with poor technology. It makes their job more difficult, it gives the bad guys an edge over us and it means that we don’t support the public as well as we should do.
If we don’t invest and we don’t make this improvement the gap is only going to get worse, which means we’re only going to fail to serve as we should do.
That’s with today’s situation. If we look at 2026 and the type of investment that criminals are making, serious organised crime is making, and the way that they exploit technology at pace, we will fall rapidly behind the curve.
Why has nothing been done?
Police Scotland had agreed to spend £46 million improving its computer systems in 2016, but the plan was scrapped after a series of errors, including disagreements over the project’s timeframe and budget.
Since then, Police Scotland has announced plans to cut 400 officers by late 2020 and place a greater emphasis on technology. However, Page indicates this won’t be possible unless Police Scotland makes substantial improvements to its current systems.
This is a problem that all organisations face. Technology evolves rapidly, so unless organisations regularly update their systems, they will fall behind accepted best practices. Meanwhile, cyber criminals are always looking for new ways to exploit technology.
Scottish Public Sector Cyber Resilience Framework
The Scottish Public Sector Cyber Resilience Framework aims to improve cyber security practices and promote cyber resilience in Scottish-based public-sector organisations.
The increase in large-scale cyber attacks and the introduction of the EU GDPR (General Data Protection Regulation) and the NIS (Network and Information Systems) Regulations have emphasised the need for decisive action to ensure that organisations stay safe. All public-sector bodies in Scotland must take urgent measures to develop cyber resilience.
One of the best ways for organisations to ensure they are following cyber security best practices is to certify to the UK government’s Cyber Essentials scheme.
Cyber Essentials certification enables organisations to:
- Demonstrate their security to clients, insurers, investors and other interested parties;
- Increase their opportunities, as they will have the necessary qualifications to bid for government contracts; and
- Save money, because insurance agencies look favourably on organisations with Cyber Essentials certification.
The scheme also helps organisations comply with the GDPR and other cyber security laws and frameworks.
Those who want to experience these benefits of the Cyber Essentials scheme should consider certifying via IT Governance. We are the leading CREST-accredited certification body and have awarded hundreds of certifications since the scheme began.