Recommendation 7

HM Government Accepted

1.1 The government agrees with the Committee’s recommendation. Target implementation date: Autumn 2026 1.2 The government has committed in the Blueprint for Modern Digital Government to resetting the relationship with cyber and technology risk, and taking a stronger and more interventionist approach to drive transformation across government. This approach is needed to achieve a step change in resilience across government, arm’s–length bodies and the wider public sector. 1.3 The government has taken immediate action to address this and moved responsibility for government and public sector cyber security from the Cabinet Office to the Department for Science, Innovation and Technology (DSIT). This change will strengthen technology resilience and policymaking across the public sector, by better integrating cyber security responsibilities and expertise into the Government Digital Service. 1.4 In winter 2025, DSIT will publish a Government Cyber Security Strategy Implementation Plan (GCSS IP) which will set out the approach to driving cyber and technology resilience. DSIT will write to the Committee to update them on implementation in one year’s time.