Officials have been warned they must ‘get on top of this most pernicious threat’ as cyber attacks are ‘one of the most serious risks’ currently facing the UK government
The cyber threat to the UK government is “severe and advancing quickly”, an independent watchdog has warned.
Officials have been told they must “get on top of this most pernicious threat” as cyber attacks are “one of the most serious risks” facing the UK. The National Audit Office’s (NAO) report, published on Wednesday, is hoped to act as a “wake-up call” to the Government after finding slow progress and low resilience to cyber threats.
Recent high-profile cyber attacks include one against the British Library in 2023, which saw employee data leaked, and a ransomware attack last summer that saw thousands of appointments cancelled at two London NHS trusts.
According to the NAO, more than 50% of roles in several departments’ cyber security teams were vacant in 2023/24. The public spending watchdog said at least 228 so-called legacy IT systems were in use across Whitehall in March 2024, with officials unable to know how vulnerable those older systems may be to attack.
The National Cyber Security Centre managed 430 cyber incidents between September 2023 and August 2024 because of their potential severity. Of these, 89 were deemed to be “nationally significant”. The report found that threat actors include those who are “state-affiliated” and funded by foreign governments and those who are financially motivated such as cyber criminals.
Senior Tory MP Geoffrey Clifton-Brown, who is chair of the public accounts committee, said: “We have seen too often the devastating impact of cyber-attacks on our public services and people’s lives. Despite the rapidly evolving cyber threat, government’s response has not kept pace.
“Poor coordination across government, a persistent shortage of cyber skills, and a dependence on outdated legacy IT systems are continuing to leave our public services exposed. Today’s NAO report must serve as a stark wake-up call to government to get on top of this most pernicious threat.”
BLUESKY: Follow our Mirror Politics account on Bluesky here. And follow our Mirror Politics team here – Lizzy Buchan, Jason Beattie, Kevin Maguire, Sophie Huskisson, Dave Burke, Ashley Cowburn, Mikey Smith
POLITICS WHATSAPP: Be first to get the biggest bombshells and breaking news by joining our Politics WhatsApp group here. We also treat our community members to special offers, promotions, and adverts from us and our partners. If you want to leave our community, you can check out any time you like. If you’re curious, you can read our Privacy Notice.
NEWSLETTER: Or sign up here to the Mirror’s Politics newsletter for all the best exclusives and opinions straight to your inbox.
PODCAST: And listen to our exciting new political podcast The Division Bell, hosted by the Mirror and the Express every Thursday.
Gareth Davies, head of the NAO said: “The risk of cyber attack is severe, and attacks on key public services are likely to happen regularly, yet government’s work to address this has been slow. To avoid serious incidents, build resilience and protect the value for money of its operations, government must catch up with the acute cyber threat it faces.”
A Government spokesman said: “Many of the NAO’s findings mirror the Government’s own findings in the state of digital government review published last week. Since July, we have taken action to repair cyber defences neglected by successive governments – introducing new legislation to give us powers to protect critical national infrastructure from cyber attacks, delivering 30 new regional cyber skills projects to strengthen the country’s digital workforce, and merging digital teams into one central Government Digital Service led by the Department for Science, Innovation and Technology.
“And last week we went further, announcing plans to upgrade technology across Government, both strengthening our defences against attack and transforming public services as part of the plan for change.”
