The statement made by Ian Murray, the Minister for Digital Government and Data, in the House of Commons on 6 January 2026.
Today I am publishing the Government cyber action plan, which sets out how we will transform cyber-security and resilience across Government and the public sector.
Public incidents demonstrate the devastating real-world consequences of inadequate cyber resilience. The recent incident affecting the Legal Aid Agency compromised personal data and impacted the organisation’s ability to digitally process legal aid applications and bills.
Similarly, the attack on Synnovis—a supplier of pathology services to the NHS—caused delays to over 11,000 outpatient and elective procedure appointments and, tragically, contributed to the death of a patient.
This reality underscores the fact that cyber-security is not a luxury; it is a fundamental component of business continuity, and all organisations should take steps to defend themselves.
Digitisation offers substantial opportunities to transform lives, deliver better public services, and drive economic growth and digital government. By investing in secure and resilient foundations, we do more than protect and transform public services; we drive innovation and growth within the UK’s cyber-security sector.
This Government have taken important steps in understanding and mitigating cyber risk across Government and the public sector. The Government Cyber Co-ordination Centre, also known as GC3, enables us to respond as one Government to cyber incidents, threats and vulnerabilities. Our secure-by-design approach enables us to “fix forward”, ensuring future digital services are designed to achieve cyber-security resilience outcomes. GovAssure, our cyber assurance process now entering its third year of operations, offers an unprecedented picture of current resilience levels and the fundamental blockers to progress.
However, the evidence is clear: we must do far more to address the persistent threat. We must move from a model where individual organisations act alone to one where the Government truly defend as one.Toggle showing location ofColumn 8WS
Today’s Government cyber action plan sets out a radically new model for how Government will operate differently to deliver this necessary transformation. It is backed by investment of over £210 million, led by the Government cyber unit within the Department for Science, Innovation and Technology. The unit is taking decisive action to rapidly address the recommendations from both the National Audit Office and the Public Accounts Committee by holding Departments to account for their cyber-security and resilience risks, as well as providing them with more direct support and services, and co-ordinating response to fast-moving incidents.