1 day Ago By Jonathan Walker
The UK is struggling to cope with the growing threat from criminals and hostile states using computer hackers to target our institutions, Ministers have been warned. Countries including Russia , China and Iran are using “increasingly sophisticated methods to carry out malicious cyber activity” the National Audit Office (NAO) said. However the Government has been unable to recruit enough computer experts to counter the threat, partly because the pay on offer is too low.
One in three cyber-security roles in central government was either vacant or filled by temporary staff last year and in some departments half the roles were vacant. NAO head Gareth Davies said: “The risk of cyber attack is severe, and attacks on key public services are likely to happen regularly, yet government’s work to address this has been slow.” There were 89 cyber-attacks classed as “nationally significant” between September 2023 and August 2024.
Many of the most serious attacks were aimed at central and local government, health services and the police. An attack last year on a supplier of pathology services to the NHS in south-east London led to two NHS foundation trusts postponing 10,152 acute outpatient appointments and 1,710 elective procedures. The British Library took more than a year to recover after so-called ransomware attack in October 2023, when criminals stole encrypted data so it could not be accessed and demanded £600,000 for its return.
After the library refused, criminals released around 600GB of stolen data online. However many of the computer systems in government departments are old “legacy” systems and “the government does not know how vulnerable these are to cyber attack”, the NAO said. Meanwhile, efforts to recruit cyber-security experts have stalled.
The report warned: “The government finds it difficult to recruit and retain enough people with cyber skills and to upskill its existing workforce. For more than a decade, skilled cyber security professionals have been in short supply and high demand nationally and globally.” It said the Government had attempted to recruit more, but efforts had only been partially successful.
“Departments reported that the salaries they can pay and civil service recruitment processes are barriers to hiring and keeping people with cyber skills.” Mr Davies said: “To avoid serious incidents, build resilience and protect the value for money of its operations, government must catch up with the acute cyber threat it faces. “The government will continue to find it difficult to catch up until it successfully addresses the longstanding shortage of cyber skills; strengthens accountability for cyber risk; and better manages the risks posed by legacy IT.
” A Government spokesperson said: “Many of the NAO’s findings mirror the Government’s own findings in the State of Digital Government review published last week. “Since July, we have taken action to repair cyber defences neglected by successive governments - introducing new legislation to give us powers to protect critical national infrastructure from cyber attacks, delivering thirty new regional cyber skills projects to strengthen the country’s digital workforce, and merging digital teams into one central Government Digital Service led by the Department for Science, Innovation and Technology. “And last week we went further, announcing plans to upgrade technology across Government, both strengthening our defences against attack and transforming public services as part of the Plan for Change.
”.
