Select Committee · Public Accounts Committee

Government cyber resilience

Status: Closed Opened: 15 Jan 2025 Closed: 17 Jul 2025 15 recommendations 20 conclusions 1 report

In 2022, the Government set itself a target for critical functions to be significantly hardened to cyber-attack by 2025. It also aims for the whole public sector to be resilient to known vulnerabilities and attack methods by 2030 at the latest. Alongside a recognition that there is a significant gap between cyber resilience levels currently …

Reports

1 report

Title	HC No.	Published	Items	Response
24th Report - Government cyber resilience	HC 643	9 May 2025	35	Responded

Recommendations & Conclusions

3 items

32 Conclusion 24th Report - Government cyber resilien… Deferred

Government lacks robust oversight of departmental cyber strategy, risking 2025 resilience target.

The Cabinet Office has prioritised implementing its central initiatives, such as GovAssure. However, it has not put robust arrangements in place to oversee how departments are implementing the Strategy, such 65 Q 67 66 Q 61 67 Q 79; GCR0004, Written evidence submitted by Nigel D Cook; GCR0007, Written evidence …

Government response. The government agrees and is defining a future Target Operating Model for Cyber and Digital Resilience, with DSIT setting out implementation plans for this model later in 2025.

HM Treasury

33 Conclusion 24th Report - Government cyber resilien… Deferred

Cabinet Office designing new approach to meet challenging 2030 cyber security target

We asked the Cabinet Office how it intended to meet its target for 2030. The Cabinet Office was clear that the target would be challenging to meet. To do so, it told us that government would need to take a fundamentally different approach to cyber security. The Cabinet Office was …

Government response. The government agrees and states that a Target Operating Model for Cyber and Digital Resilience is being defined, with DSIT setting out implementation plans later in 2025.

HM Treasury

34 Conclusion 24th Report - Government cyber resilien… Deferred

Cabinet Office accepted NAO recommendation for cross-Government cyber security implementation and monitoring plan

We challenged the Cabinet Office on whether its plans were realistic. The Cabinet Office told us it had accepted the NAO’s recommendation that it needed a cross–Government implementation plan and a stronger monitoring and evaluation framework.75 It said these would be ready in the summer of 2025, after the Spending …

Government response. The government agrees with the committee's observation and states that work is underway to define a future Target Operating Model for Cyber and Digital Resilience, with DSIT setting out implementation plans later in 2025.

HM Treasury

Oral evidence sessions

1 session

Date	Witnesses
10 Mar 2025	Bella Powell · Cabinet Office, Cat Little · Cabinet Office, Joanna Davinson · Cabinet Office, Vincent Devine · Cabinet Office	View ↗

Correspondence

1 letter

Date	Direction	Title
31 Mar 2025	To cttee	Letter from the Civil Service Chief Operation Officer and Cabinet Office Perman…

Committee: Public Accounts Committee
Status: Closed
Opened: 15 Jan 2025
Closed: 17 Jul 2025
Parliament page: View on parliament.uk ↗

Government response: AI assessment · 34 of 35 classified

Accepted	30
Accepted in Part	1
Deferred	3

Recent activity

18 Sep 2025 · Report published

Treasury minutes: Government response to the Committee of Public Accounts on th…

9 May 2025 · Report published

24th Report - Government cyber resilience

31 Mar 2025 · Correspondence

Letter from the Civil Service Chief Operation Officer and Cabinet Office Perman…

10 Mar 2025 · Oral evidence

Oral evidence session

10 Mar 2025 · Formal meeting (oral evidence session) · The Thatcher Room, Portcullis House

Committee event