Cyber threat towards UK Government 'severe and advancing quickly' - as resilience levels 'lower' than Whitehall estimated

29 January 2025, 05:28 | Updated: 29 January 2025, 06:12

No code is uncrackable. an unidentifiable computer hacker using a smartphone to hack into a computer network at night.
A shortage of cyber skills within Government and risks posed by old IT systems are among concerns. Picture: Alamy

By Flaminia Luck

The cyber threat towards the UK Government is "severe and advancing quickly", according to a new report from the Government's spending watchdog, with cyber resilience levels "lower" than Whitehall had estimated.

Listen to this article

Loading audio...

Officials have been told that Wednesday's report from the National Audit Office should serve as a "wake-up call" and push them to "get on top of this most pernicious threat".

A shortage of cyber skills within Government and risks posed by old IT systems are among the concerns officials have been told they must address if they are to "catch up with the acute cyber threat".

According to the NAO report, more than 50% of roles in several departments' cyber security teams were vacant on 2023/24, and at least 228 so-called legacy IT systems were in use across Government in March 2024, with officials unable to know how vulnerable those older systems may be to attack.

Among recent high-profile cyber attacks are one against the British Library in 2023, which saw employee data leaked, and a ransomware attack last summer that saw thousands of appointments cancelled at two London NHS trusts.

The National Cyber Security Centre managed 430 cyber incidents between September 2023 and August 2024 because of their potential severity. Of these, 89 were deemed to be "nationally significant".

The report concluded that "the cyber threat to the Government is severe and advancing quickly", and although the Government has started work to implement a cyber strategy, "progress is slow and cyber incidents with a significant impact on Government and public services are likely to happen regularly, not least because of the growing cyber threat".

It found that resilience levels are "lower" than Government had previously estimated and that some departments have "significant gaps" in the functions important to cyber resilience.

The report states: "To avoid serious incidents, build resilience and protect the value for money of its operations, Government must catch up with the acute cyber threat it faces.

"The Government will continue to find it difficult to do so until it successfully addresses the long-standing shortage of cyber skills, strengthens accountability for cyber risk and better manages the risks posed by legacy IT."

The head of the NAO has told the Government they must now "catch up" with the risk.

Gareth Davies said: "The risk of cyber attack is severe, and attacks on key public services are likely to happen regularly, yet Government's work to address this has been slow.

"To avoid serious incidents, build resilience and protect the value for money of its operations, Government must catch up with the acute cyber threat it faces.

"The Government will continue to find it difficult to catch up until it successfully addresses the long-standing shortage of cyber skills; strengthens accountability for cyber risk, and better manages the risks posed by legacy IT."

The head of a cross-party committee of MPs has said that public services have been left "exposed" as Government response has "not kept pace" with the evolving cyber threat.

911 Operations Center at Suffolk County Police Headquarters in Yaphank, New York
The head of the NAO has told the Government they must now "catch up" with the risk. Picture: Getty

Read more: Keir Starmer insists economy is 'beginning to turn around' as he bids to rescue UK's stuttering finances

Read more: Ministers reject calls to widen the definition of extremism

Sir Geoffrey Clifton-Brown MP, chairman of the Public Accounts Committee, said: "We have seen too often the devastating impact of cyber attacks on our public services and people's lives.

"Despite the rapidly evolving cyber threat, the Government's response has not kept pace. Poor co-ordination across Government, a persistent shortage of cyber skills, and a dependence on outdated legacy IT systems are continuing to leave our public services exposed.

"Today's NAO report must serve as a stark wake-up call to Government to get on top of this most pernicious threat."

A Government spokesperson said: "Many of the NAO's findings mirror the Government's own findings in the state of digital government review published last week.

"Since July, we have taken action to repair cyber defences neglected by successive governments - introducing new legislation to give us powers to protect critical national infrastructure from cyber attacks, delivering 30 new regional cyber skills projects to strengthen the country's digital workforce, and merging digital teams into one central Government Digital Service led by the Department for Science, Innovation and Technology.

"And last week we went further, announcing plans to upgrade technology across Government, both strengthening our defences against attack and transforming public services as part of the plan for change."

More Latest News

See more More Latest News

Father Gilliot is believed to have taken his own life last Saturday

Catholic priest who fell out with French toddler Emile Soleil's murder suspects 'commits suicide'

President Donald Trump and Defense Secretary Pete Hegseth

Full Yemen attack plans discussed by Trump cabinet in leaked Signal group released in full

The Chancellor of Exchequer Rachel Reeves leaving 10 Downing Street

Spring Budget 2025 summary: What Rachel Reeves announced in today's speech

Duffy teased a remix of one of her most iconic songs as she made a return to social media

Singer Duffy seen for the first time in 10 years after horror kidnap ordeal

Chancellor of the Exchequer Rachel Reeves

Rachel Reeves admits UK growth forecast to be slashed in half as she announces £3.4bn in benefits cuts

Home Office UK Visas and Immigration sign on wall, Liverpool England,

Judge blocked paedophile’s deportation to Pakistan because he 'could be persecuted as an alcoholic'

Norwegian athlete Jakob Ingebrigtsen is pictured at the South Rogaland District Court during the criminal case against his father Gjert Arne Ingebrigtsen.

Olympic champion says he 'lived in fear' as dad 'would beat me until I was sick' in damning physical abuse case

Ashley Surcombe

Brit influencer, 29, left fighting for her life in South Korea after being found unconscious at home

Anna Prokofieva

Russian war correspondent dies after being blown up by mine on border with Ukraine

Police found a dead baby inside a Marks & Spencer bag outside a church in west London

Couple seen ‘dropping bag’ before dead baby boy found in Notting Hill - as police urge mother to come forward

E-bikes are being banned from the Tube

E-bikes to be banned from Tube, Elizabeth line and London Overground due to fire risk

Molly Mae has addressed the current status of her relationship with Tommy

Molly-Mae breaks silence on relationship with Tommy Fury after Dubai trip to 'figure things out'

At least 18 people have been killed in South Korea's worst wildfire outbreak

At least 18 dead in 'worst-ever wildfires' to hit South Korea, as tens of thousands flee the flames

A group of thugs were filmed fighting with machetes on a Tube platform

Moment thugs armed with machetes fight on Tube platform in front of horrified commuters

Brits have been warned of fog across the UK (stock images)

Met Office issues fog warning with motorists told to 'avoid travel' and flights at risk of being cancelled

Rachel Reeves delivering the Spring Statement today

Benefits cuts and more cash for defence: Everything we know about Rachel Reeves' Spring Statement