Cyber threat against UK Government severe and advancing quickly, warns watchdog

29 January 2025, 00:04

Fingers typing on a dimly lit laptop keyboard
Fingers typing on a dimly lit laptop keyboard. Picture: PA

Officials have been told that Wednesday’s report from the National Audit Office should serve as a ‘wake-up call’.

The cyber threat towards the UK Government is “severe and advancing quickly”, according to a new report from the Government’s spending watchdog, with cyber resilience levels “lower” than Whitehall had estimated.

Officials have been told that Wednesday’s report from the National Audit Office should serve as a “wake-up call” and push them to “get on top of this most pernicious threat”.

A shortage of cyber skills within Government and risks posed by old IT systems are among the concerns officials have been told they must address if they are to “catch up with the acute cyber threat”.

According to the NAO report, more than 50% of roles in several departments’ cyber security teams were vacant on 2023/24, and at least 228 so-called legacy IT systems were in use across Government in March 2024, with officials unable to know how vulnerable those older systems may be to attack.

Among recent high-profile cyber attacks are one against the British Library in 2023, which saw employee data leaked, and a ransomware attack last summer that saw thousands of appointments cancelled at two London NHS trusts.

The National Cyber Security Centre managed 430 cyber incidents between September 2023 and August 2024 because of their potential severity. Of these, 89 were deemed to be “nationally significant”.

The cyber threat to the Government is severe and advancing quickly

NAO report, January 2025

The report concluded that “the cyber threat to the Government is severe and advancing quickly”, and although the Government has started work to implement a cyber strategy, “progress is slow and cyber incidents with a significant impact on Government and public services are likely to happen regularly, not least because of the growing cyber threat”.

It found that resilience levels are “lower” than Government had previously estimated and that some departments have “significant gaps” in the functions important to cyber resilience.

The report states: “To avoid serious incidents, build resilience and protect the value for money of its operations, Government must catch up with the acute cyber threat it faces.

“The Government will continue to find it difficult to do so until it successfully addresses the long-standing shortage of cyber skills, strengthens accountability for cyber risk and better manages the risks posed by legacy IT.”

The head of the NAO has told the Government they must now “catch up” with the risk.

Gareth Davies said: “The risk of cyber attack is severe, and attacks on key public services are likely to happen regularly, yet Government’s work to address this has been slow.

“To avoid serious incidents, build resilience and protect the value for money of its operations, Government must catch up with the acute cyber threat it faces.

“The Government will continue to find it difficult to catch up until it successfully addresses the long-standing shortage of cyber skills; strengthens accountability for cyber risk, and better manages the risks posed by legacy IT.”

The head of a cross-party committee of MPs has said that public services have been left “exposed” as Government response has “not kept pace” with the evolving cyber threat.

Today’s NAO report must serve as a stark wake-up call to Government to get on top of this most pernicious threat

Sir Geoffrey Clifton-Brown

Sir Geoffrey Clifton-Brown MP, chairman of the Public Accounts Committee, said: “We have seen too often the devastating impact of cyber attacks on our public services and people’s lives.

“Despite the rapidly evolving cyber threat, the Government’s response has not kept pace. Poor co-ordination across Government, a persistent shortage of cyber skills, and a dependence on outdated legacy IT systems are continuing to leave our public services exposed.

“Today’s NAO report must serve as a stark wake-up call to Government to get on top of this most pernicious threat.”

A Government spokesperson said: “Many of the NAO’s findings mirror the Government’s own findings in the state of digital government review published last week.

“Since July, we have taken action to repair cyber defences neglected by successive governments – introducing new legislation to give us powers to protect critical national infrastructure from cyber attacks, delivering 30 new regional cyber skills projects to strengthen the country’s digital workforce, and merging digital teams into one central Government Digital Service led by the Department for Science, Innovation and Technology.

“And last week we went further, announcing plans to upgrade technology across Government, both strengthening our defences against attack and transforming public services as part of the plan for change.”

By Press Association

More Technology News

See more More Technology News

A Barclays sign outside a branch

Barclays to hand share award to staff after yearly profit surges by a quarter

A bin of seized knives. A new AI tool from the University of Surrey has been unveiled which could help police forces more quickly identify and trace knives.

New AI tool to identify knives could ‘transform’ policing of knife crime

Former executive chairman of Google Eric Schmidt

Former Google boss warns of ‘extreme risk’ from terrorists posed by AI

A laptop displaying a ‘Matrix’-style screensaver

MPs: Ministers must give protections to creative sector amid AI copyright fears

French President Emmanuel Macron addresses the audience in a closing speech at the Grand Palais during the Artificial Intelligence Action Summit in Paris

Refusal to sign AI declaration was ‘based on what’s best for British people’

Someone at a computer keyboard

Airbnb issues warning over holiday scams fuelled by AI and social media

An HSBC branch

HSBC online and mobile banking working again after service outage

HSBC on growth across the UK

HSBC hit by outage as users complain of being unable to log on

The summit in Paris (Michel Euler/AP)

UK did not sign AI communique over ‘opportunity and security’ concerns – No 10

Sky Glass Gen 2

Sky unveils second generation Sky Glass TV promising ‘better picture and sound’

Technology Stock

UK announces sanctions against Russian cyber crime network

Participants in the AI Action Summit pose for a group photo at the Grand Palais in Paris

UK appears not to have signed leaders’ declaration at AI summit

OpenAI CEO Sam Altman

Sam Altman reiterates OpenAI ‘not for sale’ after Elon Musk-led bid

A young girl uses the TikTok app on a smartphone.

Data of dead British children may have been deleted, TikTok boss says

Elon Musk

Elon Musk offers $97bn to buy ChatGPT-maker OpenAI

Alesha Dixon (Jordan Pettitt/PA)

Alesha Dixon working ‘super hard’ to stop children having phones