Government must improve its cybersecurity, warns UK watchdog
The government must fix its significant deficiencies as the cyber threat landscape outpaces its current defensive strategies, UK watchdog has warned.
According to Wednesday’s report by the National Audit Office (NAO), the UK has a huge shortage of skilled cyber security professionals within its government departments.
Gareth Davies, head of NAO, said: “The risk of cyber attack is severe, and attacks on key public services are likely to happen regularly, yet Government’s work to address this has been slow.”
Recently, Arctic Wolf’s chief executive Nick Schneider told City AM: “Whilst it is encouraging that most governing bodies are looking to ensure that they have the mechanisms to protect critical infrastructure from cyber attacks…the majority of the sector remains driven by private sectors
Between 2023 and 2024, over half of the roles within several governments’ cyber security teams remained vacant.
This staffing gap leaves public services vulnerable to potential cyber threats.
The NAO also pointed to the government’s reliance on outdated IT infrastructure as posing additional risk.
Recent cyber incidents show the severity of the current landscape. In 2023, the British Library experienced a cyber attack resulting in the exposure of its employee data.
A ransomware attack last summer also led to the cancellation of thousands of appointments across two London NHS trusts.
Between September 2023 and August 2024, the national cyber security centre managed 430 cyber incidents, 89 of which were classified as ‘nationally significant’.
The report from NAO concludes that our government’s progress in creating and implementing a strong cyber strategy has been insufficient.
Instead, it has left public services susceptible to severe cyber incidents.
Sir Geoffrey Clifton-Brown MP, chairman of the Public Accounts Committee, also noted that the government hasn’t kept pace with evolving cyber threats.
“Poor co-ordination across government, a persistent shortage of cyber skills and a dependence on outdated legacy IT systems are continuing to leave our public services exposed”, he said.
“Today’s NAO report must serve as a stark wake-up call to government to get on top of this most pernicious threat.”
This news comes as cyber security concerns rise across various sectors, amid the implementation of the Digital Operations Resilience Act (DORA) earlier this month.
Research from Rubrik also recently found that ransomware remains the biggest threat to UK finance and banking organisations, with 46 per cent of respondents citing it as a great security concern.
James Hughes, VP of sales and enterprise CTO at Rubrik, said: “Given the increasing threat of ransomware and third-party compromise, the implementation of regulations is required and expensive”.