Question to the Cabinet Office:

To ask the Minister for the Cabinet Office, what the Government's definition is of the acceptable risk parameters for the cyber security of all Government services referred to in paragraph 5.2.7 of the Government's National Cyber Security Strategy 2016 to 2021.

HMG uses a mature risk management process to balance functionality, security, risk and cost

Through this process Risk Owners determine the risks they are willing to tolerate to their services,
largely based on potential impact, and make sure that appropriate mitigations are in place. The
National Cyber Security Centre publishes advice on cyber risk management and technical design
principles to help service owners make consistent risk decisions.