Source · Select Committees · Public Accounts Committee
Recommendation 33
33
Deferred
Cabinet Office designing new approach to meet challenging 2030 cyber security target
Conclusion
We asked the Cabinet Office how it intended to meet its target for 2030. The Cabinet Office was clear that the target would be challenging to meet. To do so, it told us that government would need to take a fundamentally different approach to cyber security. The Cabinet Office was designing this new approach, which it said would focus on what the centre of government could do to bring about change. Its plans included strengthening accountability, setting requirements for departments and measuring their performance against them, and providing services “once and well” from the centre of government to the public sector. The Cabinet Office gave the example of cross–Government vulnerability scanning, which the Government Digital Service was testing.74
Government Response Summary
The government agrees and states that a Target Operating Model for Cyber and Digital Resilience is being defined, with DSIT setting out implementation plans later in 2025.
Government Response
Deferred
HM Government
Deferred
6.1 The government agrees with the Committee’s recommendation. Target implementation date: Winter 2025 6.2 Work is underway to define a future Target Operating Model for Cyber and Digital Resilience, which will set out how government and the public sector should organise itself and operate to understand, govern, and respond to cyber and digital resilience risk. Later in 2025, DSIT will set out plans for implementation of this model, and how it will enable the delivery of a strong and interventionist approach to cyber and digital resilience.