Question to the Department for Science, Innovation & Technology:

To ask the Secretary of State for Science, Innovation and Technology, whether her Department has formalised reporting requirements for departments that experience repeated cyber incidents.

The Government Cyber Security Policy Handbook sets clear expectations for departments to follow in the event of a cyber incident, including the communication plans that departments need to have in place to notify relevant bodies and organisations.

The Government Cyber Coordination Centre (GC3) will shortly publish the Government Cyber Incident Response Plan (G-CIRP) which reiterates departmental responsibilities during cyber incidents, including reporting.

Furthermore, DSIT expects to publish the Government Cyber Action Plan this Winter, which sets out clear structures and actions to improve our collective response to fast-moving incidents. It also articulates how the Government Cyber Coordination Centre will provide departments with more support in understanding, detecting and responding to threats.