Government cyber resilience

Public Accounts Committee Closed Inquiry
Opened: 15 Jan 2025 Closed: 17 Jul 2025 Parliament page
In 2022, the Government set itself a target for critical functions to be significantly hardened to cyber-attack by 2025. It also aims for the whole public sector to be resilient to known vulnerabilities and attack methods by 2030 at the latest. Alongside a recognition that there is a significant gap … Read more
15 Recommendations
20 Conclusions
1 Report
1 Oral session
1 Letter
1 Event
Activity timeline 5 events
18 Sep
2025
Report published
9 May
2025
Report published
31 Mar
2025
Correspondence
10 Mar
2025
Oral evidence
10 Mar
2025
Formal meeting (oral evidence session) · The Thatcher Room, Portcullis House
Oral evidence sessions 1 session
10 Mar 2025
View on parliament.uk
Bella Powell · Cabinet Office Cat Little · Cabinet Office Joanna Davinson · Cabinet Office Vincent Devine · Cabinet Office
Title HC No. Published Items Response
24th Report - Government cyber resilience HC 643 9 May 2025 35 Responded
Recommendations & Conclusions
3 results
Clear
32 Conclusion Deferred
24th Report - Government cyber res…
Government lacks robust oversight of departmental cyber strategy, risking 2025 resilience target.
The Cabinet Office has prioritised implementing its central initiatives, such as GovAssure. However, it has not put robust arrangements in place to oversee how departments are implementing the Strategy, such 65 Q 67 66 Q 61 67 Q 79; GCR0004, … Read more
Government Response
The government agrees and is defining a future Target Operating Model for Cyber and Digital Resilience, with DSIT setting out implementation plans for this model later in 2025.
HM Treasury
View details
33 Conclusion Deferred
24th Report - Government cyber res…
Cabinet Office designing new approach to meet challenging 2030 cyber security target
We asked the Cabinet Office how it intended to meet its target for 2030. The Cabinet Office was clear that the target would be challenging to meet. To do so, it told us that government would need to take a … Read more
Government Response
The government agrees and states that a Target Operating Model for Cyber and Digital Resilience is being defined, with DSIT setting out implementation plans later in 2025.
HM Treasury
View details
34 Conclusion Deferred
24th Report - Government cyber res…
Cabinet Office accepted NAO recommendation for cross-Government cyber security implementation and monitoring plan
We challenged the Cabinet Office on whether its plans were realistic. The Cabinet Office told us it had accepted the NAO’s recommendation that it needed a cross–Government implementation plan and a stronger monitoring and evaluation framework.75 It said these would … Read more
Government Response
The government agrees with the committee's observation and states that work is underway to define a future Target Operating Model for Cyber and Digital Resilience, with DSIT setting out implementation plans later in 2025.
HM Treasury
View details
Government Response AI assessment · 34 of 15 classified
Accepted 30
Accepted in Part 1
Deferred 3
Total 15 recs + 20 conclusions
Correspondence 1 letter
31 Mar 2025 To committee Letter from the Civil Service Chief Operation Officer and Cabinet Office Permanent Secretary relating to the oral evidence session held on 10 March 2025 on Government Cyber Resilience, 24 March 2025
Parliament page