Government Cyber Action Plan: What cyber security professionals need to know
The Department for Science, Innovation and Technology (DSIT) has launched the Government Cyber Action Plan (GCAP). This is a fundamental shift in how government will meet its cyber security and digital resilience goals.
Published on 6 January 2026, the GCAP responds to ever-changing threats and the urgent need for a consistent, modern approach to securing public services.
Published alongside the second reading of the Cyber Security and Resilience Bill and forming part of the broader Roadmap for a Modern Digital Government, the GCAP sets out clear expectations for how government organisations must manage cyber security and resilience, with measurable objectives and defined outcomes.
Strategic objectives and delivery strands
The GCAP is built around 4 strategic objectives:
- better visibility of cyber security and resilience risk
- addressing severe and complex risks
- improving responsiveness to fast-moving events
- rapidly increasing government-wide cyber resilience
These will be delivered through 5 interconnected strands:
- Accountability: Clarifying, enabling and enforcing responsibilities for cyber and digital resilience risk. Bringing mandated actions for government in line with our expectations for industry.
- Support: Guidance, targeted technical advice, business partnering and improved commercial frameworks. Making it easier and faster for public sector organisations to achieve target resilience levels.
- Services: A portfolio of scalable cyber services, delivered once and well, for all government organisations and the wider public sector. These will measure risk exposure, target system-wide vulnerabilities and enable detection and response.
- Response and Recovery: Rapid expansion of our ability to respond collectively to cyber and digital resilience events, serious threats, vulnerabilities and incidents.
- Skills: A strengthened central cyber profession for government, with scaled skills programmes to increase access to technical talent, reduce the cost of recruitment and reduce reliance on contingent labour.
Delivering the GCAP
Implementation will happen in 3 phases. This gives organisations clarity on pacing, expectations and what comes next.
Phase 1: Building (to March 2027)
Establishing the foundations, standards, baselines, strengthened governance and initial operating functions needed to drive change.
Phase 2: Scaling (2027 to 2029)
Expanding capability across government, embedding standards, boosting skills and ensuring sustained improvements across service delivery.
Phase 3: Improving (2029 onwards)
Optimisation, adapting to new threats, embedding lessons learned and continuously improving government‑wide resilience.
Launch of the Government Cyber Unit
The Government Cyber Unit (GCU), hosted by DSIT, is the central coordinating function responsible for driving cyber security and resilience transformation across government and the public sector.
Led by Bella Powell, the Government Chief Information Security Officer (CISO), GCU will act as the strong, active centre that drives this plan. It will provide clear direction, stronger accountability and targeted support to departments.
GCU will:
- manage government-wide cyber risk, improving visibility and supporting departments to meet resilience standards
- provide central oversight and coordination, enabling government to act as one during complex incidents and when major vulnerabilities emerge
- invest in scalable digital services and operational capability to enable faster, more effective risk mitigation
Delivery depends on all of us
This plan provides the structure and support. But its success relies on shared responsibility, disciplined implementation and sustained commitment across the whole public sector.
Every public sector organisation, cyber professional and supplier has a part to play in raising the resilience of UK public services.
The GCAP sets a clear, collective direction which can help make that happen.
Read the papers in full on GOV.UK: