Asked by: Neil O'Brien (Conservative - Harborough, Oadby and Wigston)
Question to the Department for Digital, Culture, Media & Sport:
To ask the Secretary of State for Culture, Media and Sport, what assessment her Department has made of the drivers of and reasons for the almost trebling of the wage and salary costs of Arts Council England since April 2017.
Answered by Ian Murray - Minister of State (Department for Science, Innovation and Technology)
Arts Council England (ACE) is an arms-length body of the Department for Culture, Media and Sport (DCMS). As such, ACE is responsible for its own operational matters, including wage and salary costs. Nevertheless, they are in scope of the Cabinet Office annual pay remit guidance and, as the sponsoring department, DCMS oversees ACE's activities to ensure adherence to that central guidance and the principles of Managing Public Money.
It is important to note that an accounting adjustment impacts any comparison between reported staff costs between April 2017 and March 2025 as presented in the accounts. The accounts in 16/17 are not directly comparable to other years, as the figure is reduced by £3m due to an unutilised pension provision.
Nevertheless, staff costs have increased over the period. This reflects some headcount growth (in part to support new funding initiatives as well as improved approaches to counter-fraud, cyber security, governance, and data reporting), and pay awards limited to those allowable by the Cabinet Office pay remit.
Asked by: James McMurdock (Independent - South Basildon and East Thurrock)
Question to the Department for Science, Innovation & Technology:
To ask the Secretary of State for Science, Innovation and Technology, what assessment she has made of the adequacy of One Login’s compliance with a) Secure by Design and b) the Cyber Assessment Framework.
Answered by Ian Murray - Minister of State (Department for Science, Innovation and Technology)
GOV.UK One Login is engaging appropriately with the Secure by Design (SbD) assessment process, and SbD principles are already embedded into the service.
GOV.UK One Login was assessed using GovAssure in 2024, the cyber security scheme for assessing government critical systems using the National Cyber Security Centre’s (NCSC) Cyber Assessment Framework (CAF) as part of the Government Cyber Security Strategy 2022-2030. GovAssure has multiple phases, which includes an assurance review by an independent assessor. The GOV.UK One Login programme works closely with NCSC to align with the requirements of the CAF.
Asked by: James McMurdock (Independent - South Basildon and East Thurrock)
Question to the Department for Science, Innovation & Technology:
To ask the Secretary of State for Science, Innovation and Technology, what assessment she has made of the adequacy of the security of One Login in the context of the digital ID scheme.
Answered by Ian Murray - Minister of State (Department for Science, Innovation and Technology)
The Digital ID scheme is not yet in operation, therefore detailed design, implementation, and operational information is not available. The Cabinet Office will soon launch a public consultation to give everyone the opportunity to learn more and share their views.
GOV.UK One Login follows the highest security standards for government and private sector services - including dedicated 24/7 eyes-on monitoring, incident response and appropriate security controls. Protecting the security of government services and the data and privacy of users to keep pace with the changing cyber threat landscape as the service scales up is our biggest priority.
Asked by: James McMurdock (Independent - South Basildon and East Thurrock)
Question to the Cabinet Office:
To ask the Minister for the Cabinet Office, what estimate his Department has made of the number of cyber attacks there have been on infrastructure in the last three years.
Answered by Dan Jarvis - Minister of State (Cabinet Office)
Cyber attacks against the UK are increasing in scale and impact. The National Cyber Security Centre (NCSC) categorises cyber incidents that have a substantial impact on the national security, the economy, or critical infrastructure as ‘nationally significant incidents’. In the 12 months to August 2023, 62 nationally significant incidents were recorded. This increased to 89 in 2024, and further rose to 204 in 2025. NCSC’s Annual Review provides further information on cyber incidents and trends.
On improving the cyber security of national infrastructure, I refer to my answer for UIN 906730, debated on 4 December 2025. The Government is committed to strengthening cyber security across the UK. The recently introduced Cyber Security and Resilience Bill will strengthen the UK’s cyber defences and ensure that critical infrastructure and the digital services on which companies rely are secure.
Asked by: James McMurdock (Independent - South Basildon and East Thurrock)
Question to the Cabinet Office:
To ask the Minister for the Cabinet Office, what plans his Department has to improve cyber security infrastructure.
Answered by Dan Jarvis - Minister of State (Cabinet Office)
Cyber attacks against the UK are increasing in scale and impact. The National Cyber Security Centre (NCSC) categorises cyber incidents that have a substantial impact on the national security, the economy, or critical infrastructure as ‘nationally significant incidents’. In the 12 months to August 2023, 62 nationally significant incidents were recorded. This increased to 89 in 2024, and further rose to 204 in 2025. NCSC’s Annual Review provides further information on cyber incidents and trends.
On improving the cyber security of national infrastructure, I refer to my answer for UIN 906730, debated on 4 December 2025. The Government is committed to strengthening cyber security across the UK. The recently introduced Cyber Security and Resilience Bill will strengthen the UK’s cyber defences and ensure that critical infrastructure and the digital services on which companies rely are secure.
Asked by: Sarah Champion (Labour - Rotherham)
Question to the Cabinet Office:
To ask the Minister for the Cabinet Office, which projects in Nigeria (a) receive funding from the Integrated Security Fund and (b) have ceased to receive funding from the Integrated Security Fund in the previous five financial years.
Answered by Dan Jarvis - Minister of State (Cabinet Office)
Since 1 April 2024 the cross-government Integrated Security Fund (ISF), and the previous Conflict, Stability and Security Fund (CSSF) have funded projects in Nigeria led by several government departments.
The CSSF and ISF has funded projects supporting Nigeria’s security and resilience in line with our priorities identified through the UK–Nigeria Security and Defence Partnership Dialogue. This has included projects dedicated to security sector reform to better meet the security needs of communities in vulnerable areas, strengthen accountability, improve the inclusion of women and girls to advance peacebuilding efforts and improve regional and inter-agency coordination. The ISF also funds projects which improve Nigeria’s capability to counter terrorism, serious and organised crime and illicit finance which directly threaten the UK and our interests. Historically the CSSF and ISF have funded projects to enhance Nigeria’s cyber resilience and reduce the upstream drivers of illicit migration to the UK.
The ISF is an agile fund, which directs its funding towards projects focused on tackling the top national security threats to the UK, and therefore ceases funding projects which have achieved their objectives, or when funding can be better directed to address more pressing threats.
The Hon Member can find further details on Overseas Development Aid (ODA) programmes supported in Nigeria on the GOV.UK Development Tracker (https://devtracker.fcdo.gov.uk/).
Asked by: Ellie Chowns (Green Party - North Herefordshire)
Question to the Department for Science, Innovation & Technology:
To ask the Secretary of State for Science, Innovation and Technology, whether the Government categorises large-scale AI and data-centre infrastructure to be of strategic national importance; and what protections or ownership safeguards it plans to apply to them.
Answered by Kanishka Narayan - Parliamentary Under Secretary of State (Department for Science, Innovation and Technology)
Data centres are vital to the UK’s prosperity and security and underpin our digital economy and AI ambitions. We have taken decisive action and work closely with industry to monitor and mitigate potential future threats to data centres.
Last year we designated data centres as Critical National Infrastructure and are legislating through the Cyber Security and Resilience Bill to introduce proportionate regulatory oversight in the sector. The National Security and Investment (NSI) Act 2021 also gives the Government powers to intervene in or block investments and other acquisitions in the UK economy that could harm national security, and data infrastructure is one of the 17 mandatory areas of the economy requiring a notification to Government.
Asked by: Rachael Maskell (Labour (Co-op) - York Central)
Question to the Cabinet Office:
To ask the Minister for the Cabinet Office, what steps he plans to take to help prevent data breaches associated with the proposed digital ID cards.
Answered by Josh Simons - Parliamentary Under Secretary of State (Department for Science, Innovation and Technology)
The National Cyber Security Centre is advising the Government on how the new credential is built to the highest standard of security. This would operate a three lines of defence process - this helps ensure data is protected, fraud is deterred and detected, and threats are monitored and responded to.
Ensuring that security arrangements for the proposed digital ID scheme keeps pace with the changing threat landscape will be central to its development.
Asked by: James McMurdock (Independent - South Basildon and East Thurrock)
Question to the HM Treasury:
To ask the Chancellor of the Exchequer, what estimate she has made of the cost of cyber attacks on UK-based businesses in the last 12 months.
Answered by Lucy Rigby - Economic Secretary (HM Treasury)
An increasingly hostile cyber threat poses a risk to the UK economy and public finances. According to the Office for National Statistics, the decline in the manufacture of motor vehicles, observed in the wake of the cyber attack on Jaguar Land Rover, reduced September’s GDP by 0.17%. In the 2022 Fiscal Risks and Sustainability report, the Office for Budget Responsibility estimated that a cyber-attack on critical national infrastructure could temporarily increase borrowing by around £30 billion – equivalent to 1.1% of GDP.
Cyber-attacks have significant costs for UK businesses. Recent KPMG modelling for the Department for Science, Innovation and Technology suggests the average cost of a significant cyber-attack for an individual business in the UK is around £194,729. KPMG estimate this could represent a total yearly cost to businesses in the UK of £14.7 billion, representing 0.5% of the UK’s annual GDP.
The government is committed to strengthening cyber security across the UK. The National Cyber Security Centre (NCSC) provides a range of tools, guidance and support to businesses to improve their cyber security. At last year's Spending Review, the government increased the Single Intelligence Account's budget by £1 billion over the SR period, which funds the critical cybersecurity work conducted by NCSC.
The UK’s cyber resilience relies on all businesses playing their part. The Chancellor of the Exchequer; Secretary of State for Science, Innovation and Technology; Secretary of State for Business and Trade; Minister for Security; CEO of the National Cyber Security Centre and Director General of the National Crime Agency wrote to chief executives and chairs of FTSE 350 companies in October 2025 year asking them to make cyber security a top priority.
Asked by: James McMurdock (Independent - South Basildon and East Thurrock)
Question to the HM Treasury:
To ask the Chancellor of the Exchequer, what recent estimate her Department has made of the cost of cyber attacks to the economy.
Answered by Lucy Rigby - Economic Secretary (HM Treasury)
An increasingly hostile cyber threat poses a risk to the UK economy and public finances. According to the Office for National Statistics, the decline in the manufacture of motor vehicles, observed in the wake of the cyber attack on Jaguar Land Rover, reduced September’s GDP by 0.17%. In the 2022 Fiscal Risks and Sustainability report, the Office for Budget Responsibility estimated that a cyber-attack on critical national infrastructure could temporarily increase borrowing by around £30 billion – equivalent to 1.1% of GDP.
Cyber-attacks have significant costs for UK businesses. Recent KPMG modelling for the Department for Science, Innovation and Technology suggests the average cost of a significant cyber-attack for an individual business in the UK is around £194,729. KPMG estimate this could represent a total yearly cost to businesses in the UK of £14.7 billion, representing 0.5% of the UK’s annual GDP.
The government is committed to strengthening cyber security across the UK. The National Cyber Security Centre (NCSC) provides a range of tools, guidance and support to businesses to improve their cyber security. At last year's Spending Review, the government increased the Single Intelligence Account's budget by £1 billion over the SR period, which funds the critical cybersecurity work conducted by NCSC.
The UK’s cyber resilience relies on all businesses playing their part. The Chancellor of the Exchequer; Secretary of State for Science, Innovation and Technology; Secretary of State for Business and Trade; Minister for Security; CEO of the National Cyber Security Centre and Director General of the National Crime Agency wrote to chief executives and chairs of FTSE 350 companies in October 2025 year asking them to make cyber security a top priority.