Source · Select Committees · Public Accounts Committee

Recommendation 24

Legal Aid Agency cyberattack went undetected for four months before system shutdown

Conclusion
MoJ and LAA acknowledged that the cyberattack on LAA’s online digital services began in December 2024, four months before the LAA detected the attack on 23 April 2025. [46] LAA explained that in April, it took action to boost the security of the systems concerned and informed legal aid providers that their bank details may have been compromised. However, it did not take its systems down until 16 May 2025. [47]
Government Response Summary
The MoJ and LAA have already identified and shared lessons from the attack through several routes including internally across MoJ, with Permanent Secretaries, to the cross-government data practitioners’ network and the Government Cyber Coordination Centre (GC3) Impact Coordination Group, as well as writing to the HMG Chief Information Security Officer (CISO) network.
Government Response Accepted
HM Government Accepted
6.1 The government agrees with the Committee’s recommendation.

Recommendation implemented: August 2025

6.2 The MoJ and LAA have already identified and shared lessons from the attack through several routes. Internally, across MoJ, this has taken place at: MoJ Audit and Risk Assurance Committee; within the MoJ Executive Committee and Senior Leadership Group; and with the HMCTS Executive Leadership Team. Lessons have also been shared with Permanent Secretaries as part of their weekly cross-government meetings, and to the cross-government data practitioners’ network.

6.3 In the months following the attack the department shared technical details with public sector security teams through the Government Cyber Coordination Centre (GC3) Impact Coordination Group, as well as writing to the HMG Chief Information Security Officer (CISO) network. The department has also taken experiences of the attack and developed a tabletop exercise that can be used by other departments to role play the scenario and test their thinking and business continuity systems against. This has been shared with the Government Cyber Unit for ongoing use.

6.4 The MoJ and LAA continue to work to identify lessons and to share these with stakeholders and are attending the National Cyber Security Centre (NCSC) CyberUK conference as a panel member in April 2026. Further sessions will be provided to assist any other department that requests it and the department has also offered to share learnings across the Operational Delivery Profession.

6.5 The Chief Executive of the Legal Aid Agency (LAA) set out the initial lessons learned at the Committee evidence session in October 2025, including the need for senior leaders to ensure that cyber-vulnerabilities are fully understood and business continuity plans cover a long period.