Source · Select Committees · Public Accounts Committee
Recommendation 1
1
Accepted
Committee takes evidence regarding government cyber resilience based on C&AG report.
Conclusion
On the basis of a report by the Comptroller and Auditor General, we took evidence from the Cabinet Office and the Department for Science, Innovation and Technology (DSIT) on the cyber resilience of Government.1
Government Response Summary
The government states it has moved cyber security responsibility to DSIT to enable a more interventionist approach. DSIT will publish a Government Cyber Security Strategy Implementation Plan in winter 2025 and will update the Committee on implementation in one year.
Government Response
Accepted
HM Government
Accepted
The government agrees with the Committee’s recommendation. resetting the relationship with cyber and technology risk, and taking a stronger and more interventionist approach to drive transformation across government. This approach is needed to achieve a step change in resilience across government, arm’s–length bodies and the wider public sector. The government has taken immediate action to address this and moved responsibility for government and public sector cyber security from the Cabinet Office to the Department for Science, Innovation and Technology (DSIT). This change will strengthen technology resilience and policymaking across the public sector, by better integrating cyber security responsibilities and expertise into the Government Digital Service. In winter 2025, DSIT will publish a Government Cyber Security Strategy Implementation Plan (GCSS IP) which will set out the approach to driving cyber and technology resilience. DSIT will write to the Committee to update them on implementation in one year’s time.