Source · Select Committees · Public Accounts Committee
24th Report - Government cyber resilience
Public Accounts Committee
HC 643
Published 9 May 2025
Conclusions (3)
32
Conclusion
Deferred
The Cabinet Office has prioritised implementing its central initiatives, such as GovAssure. However, it has not put robust arrangements in place to oversee how departments are implementing the Strategy, such 65 Q 67 66 Q 61 67 Q 79; GCR0004, Written evidence submitted by Nigel D Cook; GCR0007, Written evidence …
Government Response Summary
The government agrees and is defining a future Target Operating Model for Cyber and Digital Resilience, with DSIT setting out implementation plans for this model later in 2025.
33
Conclusion
Deferred
We asked the Cabinet Office how it intended to meet its target for 2030. The Cabinet Office was clear that the target would be challenging to meet. To do so, it told us that government would need to take a fundamentally different approach to cyber security. The Cabinet Office was …
Government Response Summary
The government agrees and states that a Target Operating Model for Cyber and Digital Resilience is being defined, with DSIT setting out implementation plans later in 2025.
34
Conclusion
Deferred
We challenged the Cabinet Office on whether its plans were realistic. The Cabinet Office told us it had accepted the NAO’s recommendation that it needed a cross–Government implementation plan and a stronger monitoring and evaluation framework.75 It said these would be ready in the summer of 2025, after the Spending …
Government Response Summary
The government agrees with the committee's observation and states that work is underway to define a future Target Operating Model for Cyber and Digital Resilience, with DSIT setting out implementation plans later in 2025.