The Government’s Refreshed Cyber Action Plan and Why Identity, Trust and Secure Communications Now Matter More Than Ever

The recently refreshed Government Cyber Action Plan (GCAP) marks a serious shift in how the UK intends to manage cyber risk across its public services. Public services now operate digitally by default. Tax, healthcare, welfare, policing and justice processes all depend on digital systems and data pathways. This brings efficiencies and accessibility benefits but also introduces new forms of exposure to criminal, state and hybrid cyber threats that can disrupt services and erode public trust.

GCAP responds to these pressures by moving away from guidance and decentralisation in favour of coordination, accountability and measurable resilience. The creation of a Government Cyber Unit and new shared frameworks signals a reset in how cyber risk is expected to be governed.

Where YEO Sees the Strategic Direction

YEO views GCAP through three important lenses: trust, verification and resilience.

1. Trust in digital public services now depends on identity and verification

Digital government requires confidence in who is accessing services and who is communicating within them. As fraud, impersonation, and social engineering attacks increase, identity verification and secure communication become core components of trust infrastructure. GCAP recognises that resilience is not only about systems and networks but also about the authentication environment that surrounds them.

2. Policing and safeguarding rely on secure digital communications

GCAP’s scope extends beyond Whitehall. Policing, justice, health and local authority services all sit within the wider public sector ecosystem covered by the plan. These services handle sensitive data, coordinate multi-agency safeguarding and manage time-critical operational communications. Secure and identity-verified communication reduces friction and risk when police forces exchange information with councils, healthcare or education providers. It also supports safeguarding outcomes for children and vulnerable adults by reducing exposure to spoofing, impersonation, or coercive communication.

3. Public sector communications will become a more contested terrain

Cybercrime, fraud and misinformation place pressure on public-facing communication channels. A resilient digital public sector needs communication platforms that preserve privacy, prevent spoofing, verify identities, and reduce opportunities for adversaries to manipulate information environments. Identity verified messaging closes off some of the easiest pathways for social engineering and targeted exploitation.

Why GCAP Matters to Suppliers and Integrators

Suppliers of digital services to policing, justice, health and local government will find that GCAP raises expectations for cyber maturity and transparency. Future procurement cycles are likely to place greater weight on secure communications, identity verification, auditability and data handling. The ability to demonstrate that a platform cannot be spoofed and that sensitive communication remains confidential will become more material to resilience assessments.

Citizens Will Expect Digital Government to Be Safe by Design

Citizens increasingly expect public services to protect their data, privacy, and identity. GCAP acknowledges that digital trust is earned. It requires strong authentication, secure information exchange and resilience against compromise. Platforms that combine privacy with identity verification help the government deliver digital services without exposing citizens to new safety risks.

The Direction of Travel Is Clear

The refreshed GCAP places cyber resilience at the centre of how digital public services are delivered. For sectors such as policing, safeguarding, health, and justice, secure and verifiable communication environments are no longer optional. They are becoming foundational to service delivery, user protection and public trust.

GCAP is still in early implementation. However, the direction is visible. Identity, privacy and resilience are converging. YEO supports this shift and continues to advocate for a communication infrastructure that protects citizens, prevents impersonation and upholds safety standards across digital public services.