Last week, we joined government leaders, policymakers, and technology providers at DigiGov 2025 to explore the future of digital government. Across two days of discussions, one theme was clear: cyber security is no longer a siloed concern but a foundational enabler of trust in public services.
Against a backdrop of high-profile attacks impacting organisations such as Collins Aerospace, JLR, Co-op and M&S, DigiGov underscored how urgent, complex, and people-driven the cyber challenge has become.
Looking Ahead: The Next Five Years of Security
The opening session on The Future of Security highlighted the accelerating pace of threats. Unsurprisingly, ransomware campaigns and supply chain vulnerabilities are expected to dominate, with adversaries increasingly leveraging AI for precision targeting. For government bodies, this means building resilience into every layer of digital transformation – from secure-by-design procurement to proactive threat detection and response – which we’ll dig into.
The Human Factor: Culture at the Core
Perhaps the most resonant theme came from the session on The Human Factor in Cyber Security. With 60%+ of breaches linked to human error, tackling cultural and behavioural risks is as critical as deploying technical controls. Poor password practices, phishing, and accidental data exposure remain top offenders – all of which, we’ll be addressing as part of Cyber Awareness Week 2025.
Speakers emphasised the need for bitesize, iterative, and relevant learning to engage employees at every level. As Kimran Dhaliwal of DSIT put it,
“You can’t fix what you don’t know.”
This means creating feedback loops, quantifying risks in terms boards understand, and celebrating success stories to build a culture of resilience. Of course, this hits harder given recent social engineering attacks in the news by threat actors such as Scattered Spider.
Preparing for the Inevitable: Incident Response and Recovery
In the session on Incident Response Plans, the message was pragmatic: breaches are inevitable, but outcomes are not. Leaders should continually test their ability to answer three questions:
- How quickly can we respond?
- What will our response be?
- What do we do next, and how good are we at it?
Even if that means going back to methods as simple as paper and pencil, the panel highlighted the need for a back-up plan that allows essential services to continue in the event of a breach. This is to prevent service downtime, as seen in the case of Hackney Council, which was unable to collect council tax digitally for 12 months.
The importance of rehearsal and cross-agency coordination was repeatedly emphasised. Recent retail breaches have shown that the speed of response can make a decisive difference. One organisation lost 10% of the sales of another, facing a similar attack. For government services, where downtime or public distrust can have far greater consequences, the ability to respond swiftly is critical.
Local Resilience Through the Cyber Assessment Framework
The session on Strengthening Local Resilience shone a light on the Cyber Assessment Framework (CAF) as a pragmatic tool for local government. CAF is enabling councils to measure maturity, prioritise investment, and demonstrate accountability in a language that resonates with elected members. What stood out was the emphasis on partnership — recognising that few local authorities can achieve round-the-clock protection alone. There’s plenty upcoming in terms of how CAF will be refined thanks to feedback directly from the sector, so be sure to get involved to be part of the evolving framework.
Legislative Clarity: The UK’s Cyber Security and Resilience Bill
With the Cyber Security and Resilience Bill edging ever closer to reality, DigiGov speakers stressed its dual role: raising minimum standards across critical sectors while creating a legal framework that balances innovation with accountability. The Bill is expected to provide clarity for government buyers and suppliers alike, particularly in procurement processes where compliance will be central.
Our Takeaway
For government leaders, DigiGov 2025 reaffirmed that there’s never been a more compelling time to ensure your defences are tried, tested, and tested again. From embedding CAF in local services to preparing for new legislation, from strengthening culture to testing incident response, the direction of travel is clear: resilience will be defined not only by technology, but by people, partnerships, and preparedness.
At e2e-assure, we see our role as helping government and public sector organisations navigate this complexity with clarity, precision, and control.