Cyber threat towards UK Government 'severe and advancing quickly' - as resilience levels 'lower' than Whitehall estimated

29 January 2025, 05:28 | Updated: 29 January 2025, 06:12

No code is uncrackable. an unidentifiable computer hacker using a smartphone to hack into a computer network at night.
A shortage of cyber skills within Government and risks posed by old IT systems are among concerns. Picture: Alamy

By Flaminia Luck

The cyber threat towards the UK Government is "severe and advancing quickly", according to a new report from the Government's spending watchdog, with cyber resilience levels "lower" than Whitehall had estimated.

Listen to this article

Loading audio...

Officials have been told that Wednesday's report from the National Audit Office should serve as a "wake-up call" and push them to "get on top of this most pernicious threat".

A shortage of cyber skills within Government and risks posed by old IT systems are among the concerns officials have been told they must address if they are to "catch up with the acute cyber threat".

According to the NAO report, more than 50% of roles in several departments' cyber security teams were vacant on 2023/24, and at least 228 so-called legacy IT systems were in use across Government in March 2024, with officials unable to know how vulnerable those older systems may be to attack.

Among recent high-profile cyber attacks are one against the British Library in 2023, which saw employee data leaked, and a ransomware attack last summer that saw thousands of appointments cancelled at two London NHS trusts.

The National Cyber Security Centre managed 430 cyber incidents between September 2023 and August 2024 because of their potential severity. Of these, 89 were deemed to be "nationally significant".

The report concluded that "the cyber threat to the Government is severe and advancing quickly", and although the Government has started work to implement a cyber strategy, "progress is slow and cyber incidents with a significant impact on Government and public services are likely to happen regularly, not least because of the growing cyber threat".

It found that resilience levels are "lower" than Government had previously estimated and that some departments have "significant gaps" in the functions important to cyber resilience.

The report states: "To avoid serious incidents, build resilience and protect the value for money of its operations, Government must catch up with the acute cyber threat it faces.

"The Government will continue to find it difficult to do so until it successfully addresses the long-standing shortage of cyber skills, strengthens accountability for cyber risk and better manages the risks posed by legacy IT."

The head of the NAO has told the Government they must now "catch up" with the risk.

Gareth Davies said: "The risk of cyber attack is severe, and attacks on key public services are likely to happen regularly, yet Government's work to address this has been slow.

"To avoid serious incidents, build resilience and protect the value for money of its operations, Government must catch up with the acute cyber threat it faces.

"The Government will continue to find it difficult to catch up until it successfully addresses the long-standing shortage of cyber skills; strengthens accountability for cyber risk, and better manages the risks posed by legacy IT."

The head of a cross-party committee of MPs has said that public services have been left "exposed" as Government response has "not kept pace" with the evolving cyber threat.

911 Operations Center at Suffolk County Police Headquarters in Yaphank, New York
The head of the NAO has told the Government they must now "catch up" with the risk. Picture: Getty

Read more: Keir Starmer insists economy is 'beginning to turn around' as he bids to rescue UK's stuttering finances

Read more: Ministers reject calls to widen the definition of extremism

Sir Geoffrey Clifton-Brown MP, chairman of the Public Accounts Committee, said: "We have seen too often the devastating impact of cyber attacks on our public services and people's lives.

"Despite the rapidly evolving cyber threat, the Government's response has not kept pace. Poor co-ordination across Government, a persistent shortage of cyber skills, and a dependence on outdated legacy IT systems are continuing to leave our public services exposed.

"Today's NAO report must serve as a stark wake-up call to Government to get on top of this most pernicious threat."

A Government spokesperson said: "Many of the NAO's findings mirror the Government's own findings in the state of digital government review published last week.

"Since July, we have taken action to repair cyber defences neglected by successive governments - introducing new legislation to give us powers to protect critical national infrastructure from cyber attacks, delivering 30 new regional cyber skills projects to strengthen the country's digital workforce, and merging digital teams into one central Government Digital Service led by the Department for Science, Innovation and Technology.

"And last week we went further, announcing plans to upgrade technology across Government, both strengthening our defences against attack and transforming public services as part of the plan for change."

More Latest News

See more More Latest News

Donald Trump signs an executive order imposing tariffs on imported goods

'Liberation Day' explained: What are Trump's tariffs and how will they impact the UK?

The blurry thieves stole £3,000 worth of cigarettes and vapes.

Police release CCTV after thieves steal £3,000 of vapes - but images leave the public calling for 'the ghostbusters'

Julie Goodyear

Julie Goodyear's husband shares rare photo of Coronation Street star two years on from dementia diagnosis

: An aerial view shows the scorched graveyard around a church following a large blaze the previous day, on July 20, 2022 in Wennington, Greater London

Londoners urged not to have barbecues this weekend amid soaring temperatures 'because of wildfire risk'

Lord Sugar labels Trump tariffs 'a disaster' as Apprentice star teases potential US Presidential meeting

Lord Sugar labels Trump tariffs 'a disaster' - as Apprentice star teases potential US Presidential meeting

Mother and two children struck and killed by a vehicle in Brooklyn, New York: driver operating suspended license

Husband left 'utterly bereft' after Brit mum and two daughters killed in New York car crash

The Nintendo Switch 2 will release on June 5, 2025

Nintendo Switch 2: Exciting reveal, but why is it more expensive here?

BRITAIN-FUNERAL-POLICE

Funeral director charged with 64 offences including fraud, theft and preventing 30 lawful burials

swallow-tail

Brits urged to 'stop mowing lawns' amid 'national butterfly crisis' with more than half of species in decline

Kyle Kitchen, 38, murdered eight-week-old Primose Kane

Dad who murdered daughter by violently shaking her as baby is jailed for life

Buildings that were destroyed during the Israeli ground and air operations in Gaza

Israel expands ground attack on Gaza to seize 'large areas' - despite pleas from hostage families

Douglas Clifton Brown, 56, tried to kill his estranged wife

Old Etonian who tried to murder his estranged partner by throwing her down a 240ft well is jailed for 24 years

Kaliyah Coa, 11, was reportedly down at the water when she was 'swept away'

Pictured: Missing 11-year-old 'swept away' while paddling in the River Thames

Hot cross buns could be scarce this Easter as farmers continue to protest against Rachel Reeves' 'tractor tax'.

Hot cross bun shortage looms as farmers escalate 'tractor tax' protests

Tanesha Melbourne-Blake was shot

Teenage girl shot dead during gang 'ride-out' following social media humiliation

Mother and two children struck and killed by a vehicle in Brooklyn, New York: driver operating suspended license

Brit mum and daughters, eight and five, killed in crash by driver who said 'I have the devil in me'