Digital adoption is no longer the headline story it once was. Across adult social care, digital social care records are increasingly becoming part of normal operating practice. That is real progress. The more important question now is what the next phase of digital maturity looks like — and whether providers are building enough resilience around the systems they increasingly rely on.
For several years, the sector has been focused on one big transition: moving away from paper-based processes and towards more connected, visible and efficient digital ways of working.
That transition is clearly moving forward.
Official figures estimate that 82.0% of adult social care provider locations had a digital social care record in place by December 2025, while separate government survey work shows adoption rose from 41% in December 2021 to 80% by July 2025.
That should be recognised for what it is: meaningful progress.
It reflects a sector that has been modernising under pressure, improving access to information, and building stronger foundations for more joined-up care.
But once digital records begin to feel standard rather than new, the conversation naturally changes.
The issue is no longer simply whether providers have digitised.
It is whether the organisation around those digital systems is strong enough, secure enough and operationally confident enough to rely on them well.
The shift is no longer about adoption
There was a time when having a digital social care record felt like a milestone.
Now, it is increasingly the starting point.
Government policy already makes that clear. In the 2025 adult social care provider technology survey, a “fully digitised” provider is not defined only by using an assured digital social care record. It also includes achieving the ‘standards met’ level on the Data Security and Protection Toolkit.
That matters because it shows where expectations are now moving.
The direction of travel is not just: Use digital tools
It is: Use them safely, govern them properly, and build enough resilience around them that they strengthen the service rather than quietly introducing new points of weakness
That is a more mature conversation.
And it is a positive one, because it suggests the sector is moving beyond digital catch-up and into a more serious discussion about digital quality.
Why this matters in practice
Cyber resilience can still sound like a specialist term — something technical, remote or more relevant to IT suppliers than providers themselves.
In practice, it is much more straightforward than that.
In care, cyber resilience is about whether the service can continue to operate safely and confidently when digital systems are under pressure.
If a provider depends on digital care records, cloud-based care planning, digital handovers, rostering platforms, connected devices or remote access tools, then disruption to those systems is not just a technical inconvenience.
It can affect:
- access to information
- continuity of care
- team communication
- handovers and task visibility
- confidence in decision-making
- and, ultimately, trust in how the organisation is being run
That is why this topic matters now.
Not because the sector should become fearful of technology.
But because digital systems are becoming more central to care delivery, and anything central to care delivery eventually becomes an operational issue, not just a technical one.
The conversation is already moving this way
This is not a forced angle. It is already part of the formal direction around digital care.
The Data Security and Protection Toolkit is built around the National Data Guardian’s 10 data security standards and is the mechanism used to ensure that information is being kept safe and secure. NHS England’s Digital Technology Assessment Criteria also places data protection, technical security, interoperability, clinical safety, usability and accessibility at the centre of how digital health technologies are assessed.
NHS England has also recently published guidance promoting a just culture approach to information governance and cyber security, with a clear emphasis on learning, reporting and organisational maturity rather than blame.
That is important.
It tells us the live conversation is not simply about defending against dramatic cyber events. It is about building organisations where digital tools are used with enough discipline, awareness and readiness that problems are spotted earlier, reported faster and managed more confidently.
That is a much more practical and useful framing for providers.
The next maturity gap may be hidden in plain sight
The sector has made visible progress on adoption.
The less visible question is whether resilience has grown at the same pace.
That does not mean assuming providers are behind. It means recognising that once digital systems become normal, the risks around them can become easier to overlook.
Access permissions drift over time. Staff habits become inconsistent. Suppliers are trusted without always being checked closely enough. Incident reporting may exist on paper, but feel unclear in practice. Contingency plans may be assumed rather than tested.
None of that means a provider is failing.
It simply reflects the reality that digital maturity is not achieved the day a system goes live.
It is built into how the organisation uses it, governs it and prepares around it over time.
That is where the next step forward now sits.
What good now looks like
The providers likely to feel strongest in this next phase are not necessarily those with the most technology.
They are more likely to be the ones who are becoming more deliberate about the digital systems they already have.
That means knowing which platforms are genuinely business-critical.
It means being clear about who has access to what, and why.
It means improving staff awareness in ways that change behaviour, not just completing a compliance task.
It means making incident reporting straightforward enough that near misses and small mistakes are surfaced early rather than quietly ignored.
It means understanding whether key suppliers and systems are meeting the standards the organisation assumes they are meeting.
And it means being realistic about continuity: if one important system became unavailable, would the service still know how to operate safely and calmly?
That is not panic thinking.
That is good operational thinking.
And for providers already investing time and care into better digital working, it is a logical next step rather than a dramatic new burden.
Why this should be read positively
There is a strong positive message in all of this.
The fact that the conversation is moving from digital adoption to digital resilience is actually a sign of progress.
It means the sector is no longer only asking whether digital systems should be used.
It is asking how to use them well.
That is a healthier and more advanced place to be.
It also gives providers something valuable: the chance to turn digital maturity into a wider operational strength.
Better resilience around digital systems does not just reduce security risk. Done well, it can improve clarity, accountability, continuity, staff confidence and governance quality across the organisation.
In other words, the upside is not simply being safer.
It is being run better.
That is why this topic deserves attention now.
Not because providers should worry more.
But because providers that strengthen resilience around their digital systems now are likely to build more confident, dependable and future-ready services as the sector continues to modernise.
The more useful question for 2026
The question for care providers in 2026 is no longer: Have we gone digital?
For most of the sector, that shift is already well underway.
The more useful question now is: Are we building an organisation around those digital systems that is secure, well-governed and resilient enough to rely on them properly?
That is the next maturity test.
And it is a constructive one.
Because providers that answer it well are unlikely to just improve cyber readiness.
They are likely to strengthen trust, continuity and operational confidence across the wider business too.
In that sense, the next phase of digital care is not simply about adoption. It is about building a service that is resilient enough to make digital progress truly count.
