As the recent cyber attacks affecting UK retail and manufacturing have made clear, there is a widening gap between the escalating threats to our societies, critical services and businesses, and our ability to defend and be resilient.
In recent years, the NCSC has worked closely with the Cabinet Office, DSIT (the Department for Science, Innovation and Technology) and wider government to improve cyber security and resilience across the public sector, with joint successes including:
However, DSIT’s State of Digital Government Review highlighted that cyber and digital resilience levels across the public sector are far lower than previously assessed, and are failing to keep pace with escalating threats. The National Audit Office’s report on Government Cyber Resilience echoed this message, and stated that “to avoid serious incidents, build resilience and protect the value for money of its operations, government must catch up with the acute cyber threat it faces”.
In response, DSIT, with the support of the NCSC, has refreshed the Government’s Cyber Security Strategy (GCSS) to form the Government Cyber Action Plan (GCAP). The GCAP outlines roles and relationships between organisations working with the public sector (including the NCSC and DSIT), setting clear milestones, strengthening governance, and providing centralised support that allows departments to focus on securing what matters most.
The GCAP is built around five delivery strands:
- Accountability: strengthening the responsibility of accounting officers, senior leaders, and departmental CDIOs (Chief Digital & Information Officers) and CISOs (Chief Information Security Officers) for cyber risk management.
- Support: providing access to shared expertise and rapid deployment of technical teams.
- Services: delivering secure digital solutions ‘once and well’ for cost-effective use across departments, addressing gaps through experimentation and innovation (including through the NCSC’s ACD 2.0 programme).
- Response: introducing the Government Cyber Incident Response Plan (G-CIRP), which formalises departmental responsibilities during cyber incidents, including reporting.
- Skills: the attraction, upskilling, development and retention of cyber security specialists for government. Central to this aim is the establishment of a Government Cyber Security Profession, the first dedicated government profession for cyber security and resilience.
The NCSC is working with DSIT across all of these strands, from ongoing collaboration with GC3, to supporting departments during incidents, to helping design new services that will make a tangible difference to resilience. This approach aligns closely with the way we already support critical national infrastructure and wider public sector organisations, offering technical advice, guidance, assurance and incident response. GCAP is also creating new opportunities for the NCSC to work with the public sector more effectively, cascading best practice, sharing capabilities, and continuing to work directly with organisations where appropriate.
The journey to increased resilience will take time; the GCAP’s phased implementation runs through to 2029 and beyond. But even in its first year, the framework will deliver tangible results, from improved risk management to faster incident coordination. By combining DSIT’s delivery leadership with the NCSC’s technical authority for cyber security, the Government Cyber Action Plan provides the framework to transform public sector cyber and digital resilience.
Johnny M
NCSC Deputy Director for Government Cyber Resilience
