Home / Sources / Select Committees / Public Accounts Committee / Government cyber resilience
Index live · Last sync 22 May 2026
Select Committee · Public Accounts Committee

Government cyber resilience

Status: Closed Opened: 15 Jan 2025 Closed: 17 Jul 2025 15 recommendations 20 conclusions 1 report

In 2022, the Government set itself a target for critical functions to be significantly hardened to cyber-attack by 2025. It also aims for the whole public sector to be resilient to known vulnerabilities and attack methods by 2030 at the latest. Alongside a recognition that there is a significant gap between cyber resilience levels currently …

Clear

Reports

1 report
Title HC No. Published Items Response
24th Report - Government cyber resilience HC 643 9 May 2025 35 Responded

Recommendations & Conclusions

1 item
23 Recommendation 24th Report - Government cyber resilien… Accepted in Part

GovAssure not designed to assess all critical systems despite improvement goals.

We asked the Cabinet Office how it would increase the scale and pace of GovAssure to assess the cyber resilience of all of government’s critical systems. The Cabinet Office explained that it did not plan to assess 100% 43 C&AG’s Report, paras 14, 15 44 C&AG’s Report, para 19 45 …

Government response. The government agrees to the recommendation, aiming for implementation by Spring 2026, and commits to requiring departments to identify and report critical systems through GovAssure, driving its adoption across government, and determining optimal assessment scale and frequency. However, it does …
HM Treasury

Oral evidence sessions

1 session
Date Witnesses
10 Mar 2025 Bella Powell · Cabinet Office, Cat Little · Cabinet Office, Joanna Davinson · Cabinet Office, Vincent Devine · Cabinet Office View ↗

Correspondence

1 letter
DateDirectionTitle
31 Mar 2025 To cttee Letter from the Civil Service Chief Operation Officer and Cabinet Office Perman…