The UK could be hit by a cyber attack (Image: PA)
government is under “severe and rapidly escalating” , according to an independent watchdog. The National Audit Office (NAO) has issued a stark warning that officials must urgently address this “get on top of this most pernicious threat”, as pose “one of the most serious risks” to the nation.
The NAO’s report, released on Wednesday, is intended to serve as a governmental “wake-up call”, highlighting sluggish progress and weak resilience against cyber threats. Notable recent cyber attacks include a data breach at the British Library in 2023 and a ransomware attack last summer that led to thousands of appointments being cancelled at two London NHS trusts.
The NAO revealed that over half of several departments’ cyber security team roles were unfilled in 2023/24. The public spending watchdog also identified at least 228 outdated IT systems still in use across Whitehall as of March 2024, with officials uncertain about their vulnerability to attacks.
Between September 2023 and August 2024, the National Cyber Security Centre handled 430 cyber incidents due to their potential severity, with 89 classified as “nationally significant”. The report identified threat actors ranging from “state-affiliated” groups funded by foreign governments to financially motivated cyber criminals.
Senior Tory MP Geoffrey Clifton-Brown, who chairs the public accounts committee, has sounded the alarm on the UK’s cyber vulnerabilities. He said: “We have seen too often the devastating impact of cyber-attacks on our public services and people’s lives. Despite the rapidly evolving cyber threat, government’s response has not kept pace.”
The NHS could be hit by cyber attacks (Image: PA)
He highlighted the systemic issues plaguing the nation’s cybersecurity, saying: “Poor coordination across government, a persistent shortage of cyber skills, and a dependence on outdated legacy IT systems are continuing to leave our public services exposed. Today’s NAO report must serve as a stark wake-up call to government to get on top of this most pernicious threat.”
Gareth Davies, the head of the National Audit Office (NAO), also weighed in with a dire assessment, saying: “The risk of cyber attack is severe, and attacks on key public services are likely to happen regularly, yet government’s work to address this has been slow. To avoid serious incidents, build resilience and protect the value for money of its operations, government must catch up with the acute cyber threat it faces.”
A Government spokesperson told the : “Many of the NAO’s findings mirror the Government’s own findings in the state of digital government review published last week. Since July, we have taken action to repair cyber defences neglected by successive governments – introducing new legislation to give us powers to protect critical national infrastructure from cyber attacks, delivering 30 new regional cyber skills projects to strengthen the country’s digital workforce, and merging digital teams into one central Government Digital Service led by the Department for Science, Innovation and Technology.
They added: “And last week we went further, announcing plans to upgrade technology across Government, both strengthening our defences against attack and transforming public services as part of the plan for change.”