The UK government has unveiled the Government Cyber Action Plan (GCAP), a renewed effort to close the growing gap between escalating cyber threats and the public sector’s ability to respond effectively.
The move comes amid a series of cyberattacks targeting UK retail and manufacturing sectors, incidents that have underscored broader vulnerabilities affecting critical services and government operations.
Designed to strengthen UK cyber resilience, the plan reflects a shift from fragmented cyber initiatives to a more coordinated, accountable, and outcomes-driven approach across government departments.
A Growing Gap Between Threats and Defences
Recent cyber incidents have highlighted a persistent challenge: while threats to public services continue to grow in scale and sophistication, defensive capabilities have not kept pace. Reviews conducted by the Department for Science, Innovation and Technology (DSIT) revealed that cyber and digital resilience across the public sector was significantly lower than previously assessed.
This assessment was reinforced by the National Audit Office’s report on government cyber resilience, which warned that without urgent improvements, the government risks serious incidents and operational disruption. The report concluded that the public sector must “catch up with the acute cyber threat it faces” to protect services and ensure value for money.
Building on Existing Foundations
The Government Cyber Action Plan builds on earlier collaborative efforts between DSIT, the National Cyber Security Centre (NCSC), and the Cabinet Office. Notable achievements to date include the establishment of the Government Cyber Coordination Centre (GC3), created to manage cross-government incident response, and the rollout of GovAssure, a scheme designed to assess the security of government-critical systems.
Despite these initiatives, officials acknowledged that structural issues, inconsistent governance, and limited accountability continued to hinder effective cyber risk management. GCAP is intended to address these gaps directly.
Five Delivery Strands of the Government Cyber Action Plan
At the core of the Government Cyber Action Plan are five delivery strands aimed at strengthening accountability and improving operational resilience across departments.
The first strand focuses on accountability, placing clearer responsibility for cyber risk management on accounting officers, senior leaders, Chief Digital and Information Officers (CDIOs), and Chief Information Security Officers (CISOs).
The second strand emphasises support, providing departments with access to shared cyber expertise and the rapid deployment of technical teams during high-risk situations.
Under the services strand, GCAP promotes the development of secure digital solutions that can be built once and used across multiple departments. This approach is intended to reduce duplication, improve consistency, and address capability gaps through innovation, including initiatives such as the NCSC’s ACD 2.0 programme.
Response is another key focus, with the introduction of the Government Cyber Incident Response Plan (G-CIRP). This framework formalises how departments report and respond to cyber incidents, improving coordination during national-level events.
The final strand addresses skills, aiming to attract, develop, and retain cyber professionals across government. Central to this effort is the creation of a Government Cyber Security Profession—the first dedicated government profession focused specifically on cyber security and resilience.
Role of the NCSC and Long-Term Impact
The NCSC will play a central role across all five strands of the Government Cyber Action Plan, from supporting departments during incidents to helping design services that improve resilience. This approach aligns with the NCSC’s existing work with critical national infrastructure and public sector organisations, offering technical guidance, assurance, and incident response support.
While GCAP’s implementation will be phased through to 2029 and beyond, officials say the framework is expected to deliver measurable improvements even in its first year. These include stronger risk management practices and faster coordination during cyber incidents.
According to Johnny McManus, Deputy Director for Government Cyber Resilience at the NCSC, the combination of DSIT’s delivery leadership and the NCSC’s technical authority provides a foundation for transforming UK cyber resilience across the public sector.