Recommendation 35

We asked if there were any countries that manage cyber security effectively that the UK should learn from. The Cabinet Office told us that most of the UK’s international partners were also trying to catch up with the 70 C&AG’s Report, paras 2.5, 2.20–2.21 71 C&AG’s Report, paras 16, 25; The Cabinet Office, Government Cyber Security Strategy: 2022–2030, January 2022 72 C&AG’s Report, para 2.22 73 Q 68 74 Q 67 75 Q 69 76 Q 71 77 Q 70 18 fast–moving threat.78 The UK could learn a lot from other international governments, including Canada and Australia, which have done more from the centre of government and have focused on transparency and assurance. The Cabinet Office told us that its counterparts in Australia regularly publish the resilience levels of government organisations and have found this improves accountability. The Canadian centre of government provides services and capabilities to the rest of government, which lets it understand and respond to risk more effectively. The Cabinet Office said it was learning from these approaches as it designs the UK Government’s new approach to cyber security.79 78 Q 75 79 Q 76 19