The UK’s Cyber Security and Resilience Act and the Government’s Cyber Action Plan represent a key moment in our collective approach to digital resilience. At Cisco, we are honored to serve as an ambassador for their Software Security Code, a voluntary initiative that addresses one of the most pressing challenges facing the public and private sectors: software supply chain security.
A challenge we face together
Operating global networks today is more complex and demanding than ever, creating new vulnerabilities and exposing older ones. Much of the network infrastructure in use today was designed, built and deployed decades ago without anticipating today’s hostile security environment.
This problem is exacerbated by the fact that many organizations do not update or maintain their network infrastructure, missing important opportunities to patch known vulnerabilities and apply the latest security best practices. A recent report commissioned by Cisco found that 48% of network technical assets worldwide are aging or obsolete, creating significant debt that is diverting budgets to maintenance rather than modernization.
As the UK Department for Science, Innovation and Technology said in its announcement, more than half of the organizations surveyed had experienced attacks on their software supply chain. The challenge extends beyond the software supply chain to how we build software, ensuring it’s designed to be resilient to attacks and bugs, and that code is written with strong security principles from the ground up. It’s about making secure use simple for customers and embedding security deep into the development lifecycle. As a software provider, we take our role in the software supply chain seriously and actively work to help ensure the highest possible level of security.
Strengthening resilient infrastructure
Our ambassador role is a natural extension of our commitment to secure software development and resilient infrastructure. We are focused on improving the security posture of our products, and thereby the security of our customers’ networks, by following the principle of “eating our vegetables”: doing the basics right to reduce attacks and strengthen default security settings across our portfolio. We are working to remove legacy insecure features, introduce advanced security features, and enable better detection and response.
What’s at stake?
A weakness in one software component can compromise entire networks. The modern digital ecosystem is built on layers of software dependencies, each of which represents a potential entry point for attackers. We can no longer afford to treat software security as an afterthought or a competitive differentiator. It has to be a basic expectation.
Software vulnerabilities are not just abstract technical risks – they can disrupt essential services that people rely on every day, from accessing healthcare and social benefits to running their businesses and livelihoods. If software does not work securely and reliably, it can threaten public safety, economic stability and trust in digital systems. This reality requires us to treat software security as a fundamental social responsibility and ensure that the digital infrastructure supporting our communities is resilient, trustworthy and designed to protect people’s lives and well-being.
The way forward
The UK Government’s Cyber Action Plan is underpinned by a £210 million investment and the creation of a government cyber unit, signaling a serious intention to transform the cyber resilience of the UK public sector. But governments can’t do it alone, and they shouldn’t.
The software that drives our economy crosses the lines between all sectors. Banks, hospitals, utilities, retailers and government agencies depend on robust and secure software. By establishing common core practices through the Code of Practice, we strengthen our defenses across all industries and sectors.
As ambassadors, we will work with colleagues across sectors to share insights, address common challenges and advocate for practical approaches that work in the real world. We will provide feedback to policymakers based on implementation experiences, help shape future iterations of the Code, and potentially inform regulatory frameworks.
Shared responsibility
Cyber security has never been more important to our way of life. As the UK government rightly points out in its action plan, trust in digital services underpins everything from economic productivity to access to basic services.
Building that trust requires collective action. It requires software vendors to prioritize security, governments to set clear expectations and provide support, and organizations of all sizes to implement robust security practices. The Software Security Code provides a common framework for this collaboration.
At Cisco, we’ve always believed that security is a team sport. No single company, no matter how large or sophisticated, can solve these problems in isolation. By serving as an ambassador for the Code, committing to resilient infrastructure, and championing projects like Project CodeGuard (an open source, model-agnostic security framework that embeds security practices by default in the workflows of AI coding agents), we reaffirm our commitment to this principle.
The UK Government has set out an ambitious agenda for digital transformation and cyber resilience. We are proud to stand alongside them and our fellow ambassadors from across the technology sector to make this ambition a reality.
After all, secure software and resilient infrastructure aren’t just good business; they are the foundation on which we build the digital services that millions of people depend on every day.