Question to the Department for Science, Innovation & Technology:

To ask His Majesty's Government what assessment they have made of the susceptibility of government digital systems to cyber attacks; and what steps they are taking to improve cyber security of those systems.

Government has made important steps in understanding and mitigating cyber risk. Cyber risks against government systems are kept under review through the internal, classified National Security Risk Assessment (NSRA), and its external-facing version, the National Risk Register (NRR). The NSRA assesses a number of cyber risks, including the impact of a cyber-attack against government systems on the delivery of public services.

GovAssure - our cyber assurance regime - has given us an objective picture of resilience levels across government, allowing us to phase interventions accordingly. Government is progressing work on an implementation plan to support the delivery of the Government Cyber Security Strategy and is establishing a more interventionist operating model to clarify, enable, and enforce cross-government responsibilities for cyber and digital resilience.