With regard to the finding of the "National Cyber Threat Assessment 2025-2026" that vendor concentration in technology services increases cyber vulnerability: (a) what is the government's current assessment of its own level of dependence on dominant technology service providers, across all departments and agencies; (b) has the government conducted any specific studies or analyses, since January 1, 2023, to quantify its dependency on individual dominant technology service providers, and, if so, what are the details and findings of each such study or analysis; and (c) has the government formally identified specific dominant technology service providers whose compromise could lead to cascading disruptions of essential government services or endanger national security, and, if so, what are the names of these identified dominant service providers?
In the House of Commons on September 15th, 2025. See this statement in context.