The UK government has delayed publication of its National Cyber Action Plan after Prime Minister Keir Starmer’s resignation, Recorded Future News reported, citing multiple people familiar with the matter.
The plan had been scheduled for release on Monday. It is now caught in the mess around Labour’s leadership contest, which opens July 9. That matters because the document is meant to set out how ministers intend to defend the wider economy against state-backed hackers and criminal crews, a problem that has already moved well beyond the IT department.
A government spokesperson told Recorded Future News that ministers still intend to publish the plan. The spokesperson said the government was acting on national security by progressing the Cyber Security and Resilience Bill, promoting the National Cyber Resilience Pledge and supporting organizations through the National Cyber Security Centre.
One piece of the launch is still expected to happen. Several FTSE 350 companies are due on Tuesday to sign the Cyber Resilience Pledge, a voluntary commitment to improve cyber defenses.
A strategy became an action plan
The document began life as an update to the UK’s 2022 National Cyber Strategy. Pat McFadden, then chancellor of the Duchy of Lancaster, had said it would arrive before the end of 2025. By April 2026, Security Minister Dan Jarvis was talking about publication “this summer,” and the work had been recast as an action plan.
McFadden made the earlier announcement in Manchester. The city’s then-mayor, Andy Burnham, is now the frontrunner to replace Starmer after the Makerfield by-election that preceded the prime minister’s resignation, according to Recorded Future News. No other candidates had entered the race at publication.
The postponement adds to a familiar UK cyber policy pattern: long gestation, political interruption, then another delay. The Cyber Security and Resilience Bill, which updates critical infrastructure cyber rules, took more than four years to reach Parliament and is not expected to be enforced until 2028. Its central provisions had been prepared in 2022 under Rishi Sunak, but the bill was not introduced then. Starmer’s government later moved to bring it forward in September 2025, before another delay during a cabinet reshuffle.
Ransomware policy has slipped too. Proposals for mandatory reporting by victims, a licensing system for extortion payments and a ban on ransom payments by critical infrastructure operators were due for consultation in mid-2024, before Sunak called a general election.
What the plan is expected to cover
The government has not published the plan’s contents. Recorded Future News reported that it is expected to have three pillars: threat, growth and resilience.
Richard Horne, chief executive of the NCSC, gave the clearest public steer in a June lecture at the Royal United Services Institute. Horne described three areas for cyber defense: the “near” space of individual organizations, the “far” space of action against adversaries and the “mid” space of cloud, technology and telecoms infrastructure, much of it privately owned.
Horne said the NCSC wanted a National Cyber Defense Capability to connect intelligence and action across those areas in real time. He also said that between June 2024 and May 2026, the NCSC handled more than 200 incidents affecting critical national infrastructure and its supply chain, with 75% linked to state actors.
The Cyber Resilience Pledge asks companies to make cyber risk a board-level issue, join the NCSC’s Early Warning service and require Cyber Essentials certification across supply chains. Ministers have written to hundreds of firms, including every FTSE 350 company, asking them to sign.
Recent incidents have made the policy drift harder to ignore. The Russia-linked Qilin group’s ransomware attack on Synnovis disrupted London hospitals during the 2024 election campaign. In September 2025, a cyberattack halted Jaguar Land Rover production for more than a month. The Cyber Monitoring Centre estimated that incident cost the UK economy £1.9 billion and affected more than 5,000 organizations in JLR’s supply chain.
This story draws on original reporting from The Record.