Cyber threat towards UK Government 'severe and advancing quickly' - as resilience levels 'lower' than Whitehall estimated

29 January 2025, 05:28 | Updated: 29 January 2025, 06:12

No code is uncrackable. an unidentifiable computer hacker using a smartphone to hack into a computer network at night.
A shortage of cyber skills within Government and risks posed by old IT systems are among concerns. Picture: Alamy

By Flaminia Luck

The cyber threat towards the UK Government is "severe and advancing quickly", according to a new report from the Government's spending watchdog, with cyber resilience levels "lower" than Whitehall had estimated.

Listen to this article

Loading audio...

Officials have been told that Wednesday's report from the National Audit Office should serve as a "wake-up call" and push them to "get on top of this most pernicious threat".

A shortage of cyber skills within Government and risks posed by old IT systems are among the concerns officials have been told they must address if they are to "catch up with the acute cyber threat".

According to the NAO report, more than 50% of roles in several departments' cyber security teams were vacant on 2023/24, and at least 228 so-called legacy IT systems were in use across Government in March 2024, with officials unable to know how vulnerable those older systems may be to attack.

Among recent high-profile cyber attacks are one against the British Library in 2023, which saw employee data leaked, and a ransomware attack last summer that saw thousands of appointments cancelled at two London NHS trusts.

The National Cyber Security Centre managed 430 cyber incidents between September 2023 and August 2024 because of their potential severity. Of these, 89 were deemed to be "nationally significant".

The report concluded that "the cyber threat to the Government is severe and advancing quickly", and although the Government has started work to implement a cyber strategy, "progress is slow and cyber incidents with a significant impact on Government and public services are likely to happen regularly, not least because of the growing cyber threat".

It found that resilience levels are "lower" than Government had previously estimated and that some departments have "significant gaps" in the functions important to cyber resilience.

The report states: "To avoid serious incidents, build resilience and protect the value for money of its operations, Government must catch up with the acute cyber threat it faces.

"The Government will continue to find it difficult to do so until it successfully addresses the long-standing shortage of cyber skills, strengthens accountability for cyber risk and better manages the risks posed by legacy IT."

The head of the NAO has told the Government they must now "catch up" with the risk.

Gareth Davies said: "The risk of cyber attack is severe, and attacks on key public services are likely to happen regularly, yet Government's work to address this has been slow.

"To avoid serious incidents, build resilience and protect the value for money of its operations, Government must catch up with the acute cyber threat it faces.

"The Government will continue to find it difficult to catch up until it successfully addresses the long-standing shortage of cyber skills; strengthens accountability for cyber risk, and better manages the risks posed by legacy IT."

The head of a cross-party committee of MPs has said that public services have been left "exposed" as Government response has "not kept pace" with the evolving cyber threat.

911 Operations Center at Suffolk County Police Headquarters in Yaphank, New York
The head of the NAO has told the Government they must now "catch up" with the risk. Picture: Getty

Read more: Keir Starmer insists economy is 'beginning to turn around' as he bids to rescue UK's stuttering finances

Read more: Ministers reject calls to widen the definition of extremism

Sir Geoffrey Clifton-Brown MP, chairman of the Public Accounts Committee, said: "We have seen too often the devastating impact of cyber attacks on our public services and people's lives.

"Despite the rapidly evolving cyber threat, the Government's response has not kept pace. Poor co-ordination across Government, a persistent shortage of cyber skills, and a dependence on outdated legacy IT systems are continuing to leave our public services exposed.

"Today's NAO report must serve as a stark wake-up call to Government to get on top of this most pernicious threat."

A Government spokesperson said: "Many of the NAO's findings mirror the Government's own findings in the state of digital government review published last week.

"Since July, we have taken action to repair cyber defences neglected by successive governments - introducing new legislation to give us powers to protect critical national infrastructure from cyber attacks, delivering 30 new regional cyber skills projects to strengthen the country's digital workforce, and merging digital teams into one central Government Digital Service led by the Department for Science, Innovation and Technology.

"And last week we went further, announcing plans to upgrade technology across Government, both strengthening our defences against attack and transforming public services as part of the plan for change."

More Latest News

See more More Latest News

Exclusive
The former Deputy Foreign Secretary said: “Many countries in Europe are simply not spending anywhere near, in percentage terms, what America is spending.

UK needs to ‘spend less on welfare and more on defence’ to support Ukraine, former Deputy Foreign Secretary tells LBC

Craig and Lindsay Foreman

British couple detained in Iran pictured for the first time as family break silence on 'distressing situation'

The Jet2 plane was forced to divert.

Jet2 plane bound for UK makes emergency landing after passenger dies on board

he Philadelphia Eagles celebrate in front of the Philadelphia Museum of Art during the Philadelphia Eagles Super Bowl Championship Parade on February 14, 2025

Two women shot and injured during Philadelphia Eagles Super Bowl victory parade, police say

Social media footage showed a man being kicked on the ground by his knife-wielding attacker.

Two charged by police after shock footage shows man kicked and spat at by knifeman after ‘burning Koran’ in London

Jannik Sinner

World tennis number one Jannik Sinner handed three-month ban for doping

Keith Edun, 47, used the messaging app “Kik” to spread vile images of children

Predator who encouraged man to rape a baby after sharing vile images of children online is jailed for 21 years

President of Ukraine Volodymyr Zelensky speaks during the 61st Munich Security Conference on February 15, 2025 in Munich, Germany.

Zelenskyy calls for creation of ‘European army’ as he warns Russia 'will pull Europe apart' if not defeated

The woman who said she was raped by rappers and business moguls Jay-Z and Sean "Diddy" Combs in 2000, when she was 13, has dropped her civil lawsuit against both men.

Woman who accused Jay-Z and Sean ‘Diddy’ Combs of raping her when she was 13 drops lawsuit

Liam Payne died last Wednesday.

One Direction star Liam Payne was 'sectioned' after near-fatal overdose months before death, close friend claims

Hamas hands over 3 Israeli hostages in the Gaza Strip to Red Cross

Israeli hostages paraded on stage before being freed as four Palestinian prisoners released in 'critical condition'

uk british national lottery euromillions ticket with picks

Winning numbers revealed as single UK EuroMillions ticket holder scoops massive £65million Valentine’s Day jackpot

Breaking
Emergency services were called just after 7pm on Friday amid reports a woman had suffered serious injuries

Woman dies after Valentine's Day shooting at village pub as murder probe launched

Rob and Lindsey Burrow a few weeks before he died

Rob Burrow's wife reveals heartbreaking moment she knew rugby league star 'couldn't go on' with MND struggle

Axel Rudakubana will be 'target number one' in prison

Southport killer Axel Rudakubana's sentence won't be referred to Court of Appeal despite claims it's 'unduly lenient'

The damaged shield

'Risk of radioactive leak' after Russian 'high explosive' drone hits Chernobyl, causing 'significant damage'