This document is penned by the Dept of Culture, Media and Sports but still this says it all. It starts by saying
Government will (...) improve cyber risk management (...) through its implementation of (...) GDPR.
Then it closes any discussion with
For now, Government will not seek to pursue further general cyber security regulation for the wider economy over and above the GDPR.Which, in a sense, is a remarkable statement since GDPR is not, strictly speaking, about cyber security. It embeds and enforces cyber security but from a narrow angle of Personal Information.