The UK’s Cyber Security & Resilience Bill and Government Cyber Action Plan mark a pivotal moment in our collective approach to digital resilience. At Cisco, we’re honored to serve as an ambassador for their Software Security Code of Practice, a voluntary initiative that addresses one of the most pressing challenges facing both public and private sectors: securing the software supply chain.
The Challenge We Face Together
Running global networks today is more complex and challenging than ever, creating new vulnerabilities and rendering legacy vulnerabilities more exposed. Much of the network infrastructure currently in use was designed, built, and deployed decades ago, without anticipating today’s hostile security environment.
This challenge is compounded by many organizations not updating or maintaining their network infrastructure, missing critical opportunities to fix known vulnerabilities and apply the latest security best practices. A recent Cisco-commissioned report found that 48% of network assets worldwide are aging or obsolete, creating significant technical debt that diverts budgets toward maintenance rather than modernization.
As the UK Department for Science, Innovation and Technology noted in their announcement, more than half the surveyed organizations experienced software supply chain attacks. The challenge extends beyond the software supply chain to how we build software, ensuring it is designed to be resilient against attacks and flaws, and that the code is written with strong security principles from the outset. It is about making secure usage straightforward for customers and embedding security deeply into the development lifecycle. As a software provider, we take our role in the software supply chain seriously and are actively working to help ensure the highest possible levels of security.
Strengthening Resilient Infrastructure
Our ambassador role is a natural extension of our commitment to secure software development and resilient infrastructure. We’re focused on enhancing the security posture of our products and thereby improving the security of customers’ networks, following the principle of “eating our vegetables”: doing the basics right to reduce attack surfaces and raise default security settings across our portfolio. We’re working to remove legacy insecure features, introduce advanced security capabilities, and enable better detection and response.
What’s at Stake
A weakness in a single software component can compromise entire networks. The modern digital ecosystem is built on layers of software dependencies, each representing a potential entry point for attackers. We can no longer afford to treat software security as an afterthought or a competitive differentiator. It must be a baseline expectation.
Vulnerabilities in software do not just pose abstract technical risks—they can disrupt essential services that people rely on daily, from accessing healthcare and social benefits to managing their businesses and livelihoods. When software fails to function securely and reliably, it can threaten public safety, economic stability, and trust in digital systems. This reality demands that we treat software security as a critical societal responsibility, ensuring that the digital infrastructure supporting our communities is resilient, trustworthy, and designed to protect people’s lives and well-being.
The Path Forward
The UK Government’s Cyber Action Plan is backed by a £210 million investment and the creation of the Government Cyber Unit, signaling serious intent to transform the UK’s public sector cyber resilience. But governments can’t do this alone, nor should they.
The software that powers our economy crosses the boundaries between every sector. Banks, hospitals, utilities, retailers, and government agencies all depend on robust, secure software. By establishing common baseline practices through the Code of Practice, we raise our defenses across all industries and sectors.
As ambassadors, we’ll be working with peers across industries to share insights, tackle common challenges, and advocate for practical approaches that work in the real world. We’ll provide feedback to policymakers based on implementation experience, helping to shape future iterations of the Code and potentially informing regulatory frameworks down the line.
A Shared Responsibility
Cybersecurity has never been more critical to our way of life. As the UK Government rightly emphasizes in its action plan, trust in digital services underpins everything from economic productivity to access to essential services.
Building that trust requires collective action. It requires software vendors to prioritize security, governments to set clear expectations and provide support, and organizations of all sizes to implement robust security practices. The Software Security Code of Practice provides a common framework for this collaboration.
At Cisco, we’ve always believed that security is a team sport. No single company, no matter how large or sophisticated, can solve these challenges in isolation. By serving as an ambassador for the Code of Practice, committing to resilient infrastructure, and pursuing projects like Project CodeGuard (an open-source, model-agnostic security framework that embeds secure-by-default practices into AI coding agent workflows), we’re reaffirming our commitment to that principle.
The UK Government has set an ambitious agenda for digital transformation and cyber resilience. We’re proud to stand alongside them and our fellow ambassadors from across the technology sector to turn that ambition into reality.
In the end, secure software and resilient infrastructure aren’t just good business; they’re the foundation upon which we build the digital services that millions of people depend on every day.