UK Government Faces "Severe and Advancing" Cyber Threat, Report Warns

A Wake-Up Call

The UK government faces a "severe and rapidly advancing" cyber threat, according to a new report by the National Audit Office (NAO). The report highlights several concerning issues, including a shortage of cyber skills within government, outdated IT systems, and low levels of cyber resilience.

The NAO report reveals that over 50% of roles in several departments' cyber security teams were vacant in 2023/24. Additionally, at least 228 legacy IT systems were in use across government in March 2024, with officials unable to assess their vulnerability to attacks. These vulnerabilities leave the government susceptible to cyber attacks, which can have significant impacts on public services and citizens' lives.

Recent high-profile cyber attacks against the British Library and two London NHS trusts underscore the severity of the threat. The NAO report emphasizes that cyber incidents with significant impacts are likely to occur regularly, not least because of the growing cyber threat.

The report concludes that the government's progress in implementing a cyber strategy has been slow. Resilience levels are lower than previously estimated, and some departments have significant gaps in their cyber resilience functions.

Address the shortage of cyber skills: This can be achieved through initiatives like training programs and recruitment campaigns.

Clearer roles and responsibilities for managing cyber risk are needed.

Upgrading or replacing outdated systems is crucial to improve cyber security.

"The risk of cyber attack is severe, and attacks on key public services are likely to happen regularly, yet Government’s work to address this has been slow."

"Poor co-ordination across Government, a persistent shortage of cyber skills, and a dependence on outdated legacy IT systems are continuing to leave our public services exposed."

The government acknowledges the findings of the NAO report and highlights its efforts to improve cyber security. However, the report serves as a stark reminder of the need for urgent action to address the growing cyber threat and protect public services and citizens.