Cyber threat towards UK Government 'severe and advancing quickly' - as resilience levels 'lower' than Whitehall estimated

29 January 2025, 05:28 | Updated: 29 January 2025, 06:12

No code is uncrackable. an unidentifiable computer hacker using a smartphone to hack into a computer network at night.
A shortage of cyber skills within Government and risks posed by old IT systems are among concerns. Picture: Alamy

By Flaminia Luck

The cyber threat towards the UK Government is "severe and advancing quickly", according to a new report from the Government's spending watchdog, with cyber resilience levels "lower" than Whitehall had estimated.

Listen to this article

Loading audio...

Officials have been told that Wednesday's report from the National Audit Office should serve as a "wake-up call" and push them to "get on top of this most pernicious threat".

A shortage of cyber skills within Government and risks posed by old IT systems are among the concerns officials have been told they must address if they are to "catch up with the acute cyber threat".

According to the NAO report, more than 50% of roles in several departments' cyber security teams were vacant on 2023/24, and at least 228 so-called legacy IT systems were in use across Government in March 2024, with officials unable to know how vulnerable those older systems may be to attack.

Among recent high-profile cyber attacks are one against the British Library in 2023, which saw employee data leaked, and a ransomware attack last summer that saw thousands of appointments cancelled at two London NHS trusts.

The National Cyber Security Centre managed 430 cyber incidents between September 2023 and August 2024 because of their potential severity. Of these, 89 were deemed to be "nationally significant".

The report concluded that "the cyber threat to the Government is severe and advancing quickly", and although the Government has started work to implement a cyber strategy, "progress is slow and cyber incidents with a significant impact on Government and public services are likely to happen regularly, not least because of the growing cyber threat".

It found that resilience levels are "lower" than Government had previously estimated and that some departments have "significant gaps" in the functions important to cyber resilience.

The report states: "To avoid serious incidents, build resilience and protect the value for money of its operations, Government must catch up with the acute cyber threat it faces.

"The Government will continue to find it difficult to do so until it successfully addresses the long-standing shortage of cyber skills, strengthens accountability for cyber risk and better manages the risks posed by legacy IT."

The head of the NAO has told the Government they must now "catch up" with the risk.

Gareth Davies said: "The risk of cyber attack is severe, and attacks on key public services are likely to happen regularly, yet Government's work to address this has been slow.

"To avoid serious incidents, build resilience and protect the value for money of its operations, Government must catch up with the acute cyber threat it faces.

"The Government will continue to find it difficult to catch up until it successfully addresses the long-standing shortage of cyber skills; strengthens accountability for cyber risk, and better manages the risks posed by legacy IT."

The head of a cross-party committee of MPs has said that public services have been left "exposed" as Government response has "not kept pace" with the evolving cyber threat.

911 Operations Center at Suffolk County Police Headquarters in Yaphank, New York
The head of the NAO has told the Government they must now "catch up" with the risk. Picture: Getty

Read more: Keir Starmer insists economy is 'beginning to turn around' as he bids to rescue UK's stuttering finances

Read more: Ministers reject calls to widen the definition of extremism

Sir Geoffrey Clifton-Brown MP, chairman of the Public Accounts Committee, said: "We have seen too often the devastating impact of cyber attacks on our public services and people's lives.

"Despite the rapidly evolving cyber threat, the Government's response has not kept pace. Poor co-ordination across Government, a persistent shortage of cyber skills, and a dependence on outdated legacy IT systems are continuing to leave our public services exposed.

"Today's NAO report must serve as a stark wake-up call to Government to get on top of this most pernicious threat."

A Government spokesperson said: "Many of the NAO's findings mirror the Government's own findings in the state of digital government review published last week.

"Since July, we have taken action to repair cyber defences neglected by successive governments - introducing new legislation to give us powers to protect critical national infrastructure from cyber attacks, delivering 30 new regional cyber skills projects to strengthen the country's digital workforce, and merging digital teams into one central Government Digital Service led by the Department for Science, Innovation and Technology.

"And last week we went further, announcing plans to upgrade technology across Government, both strengthening our defences against attack and transforming public services as part of the plan for change."

More Latest News

See more More Latest News

Formula 1 Japanese Grand Prix 2025

Max Verstappen wins his first race of the season as he fends off Lando Norris at Japanese Grand Prix

A law that bans fake reviews and so called drip pricing for online shopping has come into force.

UK bans fake reviews and hidden fees in new law to protect online shoppers

Lucy Connolly was jailed for 31 months.

Tory councillor's wife who was jailed for inciting racial hatred after Southport attacks 'should be freed', says ex-PM

Chancellor Rachel Reeves said at last year's Budget that the move would raise £25 billion per year by 2029

Prices ‘pushed higher’ and warnings of job losses as National Insurance rise comes into effect

Video footage shows the convoy had emergency lights flashing when it was hit

Israel admits ‘mistakenly’ killing 15 aid workers after video leak contradicted official version of events

Police found two men stabbed on on Erconwald Street in East Acton. One of them died at the scene

Murder probe as man knifed to death in double stabbing in London street

Dan Norris, pictured here next to Keir Starmer has also been held on suspicion of misconduct in public office

Labour MP arrested on suspicion of rape and child sex offences

The victim, centre, and his two killers

Moment London knife victim, 22, buys drinks for his killers before they stab him to death in street

An armed Met counter-terror firearms unit at Downing Street

UK police chiefs ‘plan national counter-terrorism force’

Patrick Mullins aboard Nick Rockett after winning the Randox Grand Nationa

Nick Rockett wins 2025 Grand National at Aintree holding off last year's winner I Am Maximus

She was reportedly robbed outside an Italian restaurant in Cheshire

Wife of Man Utd goalkeeper Andre Onana ‘robbed of £62K handbag and Rolex’

Jaguar Land Rover has paused shipments to the US in the wake of 'Liberation Day' tariffs

Jaguar Land Rover halts shipments to US in wake of tariffs as Trump insists he'll win 'economic revolution'

The fire happened at Goldenbeach Holiday Park, Roman Bank, Ingoldmells.

Two people killed in caravan fire at holiday park in Lincolnshire

Easter eggs have been recalled over a potential risk of 'metal'

'Do not eat' warning as major chocolate brand recalls two Easter eggs amid fears they contain metal

Flowers and toys left on a swing seat to commemorate victims killed in Russia's missile attack on Friday

Death toll from Russian strike on Zelenskyy's home town rises as 18 confirmed dead - including nine children

Lucy Connolly

Tory councillor's wife who was jailed for racial hatred tweet after Southport attacks 'denied temporary release'