The UK government’s preparedness for cyberattacks is dangerously inadequate, according to a new report from the Public Accounts Committee (PAC). Despite growing threats from hostile states and cybercriminals, Whitehall’s cyber defences have failed to evolve at the required pace, with department funding and decision making not reflecting the urgency of the issue. The PAC warns that outdated IT infrastructure, staffing shortages, and poor leadership are severely undermining the nation’s digital resilience. Such warnings have also been echoed previously by the National Audit Office (NAO), which in January urged the UK government to act now to build its capabilities and defences against a rapidly increasing and evolving cyber threat (See - NAO: Government must act now to build cyber resilience).
Around 28% of the public sector’s IT estate consists of outdated 'legacy' systems, with 319 such systems identified by early 2025. Of these, a quarter are considered red-rated (high-risk), yet the government lacks a full picture of how many legacy systems exist. This is not the first time that the lack of cyber resilience in central government has been called out. In data released last year, the MoD was reported to have the weakest cybersecurity in Whitehall, with 11 ‘red-rated’ systems (See - MoD reported to have weakest cybersecurity in Whitehall).
The Cabinet Office, tasked with overseeing cyber security strategy, conceded to the PAC that the threat has outpaced the government’s response. While efforts are now being made to verify departments’ cyber resilience independently, initial findings have revealed deep vulnerabilities. The government's goal to secure critical functions by 2025, and wider public sector resilience by 2030, now seems out of reach without a fundamental shift in approach.
A major barrier remains talent recruitment. The government continues to struggle against the private sector in attracting cyber professionals, hindered by uncompetitive salaries and overreliance on costly contractors. One in three central government cyber roles is either vacant or filled by external hires. PAC Chair Sir Geoffrey Clifton-Brown MP stressed that meaningful transformation will require cyber expertise embedded at all leadership levels. Without urgent change and investment, the UK remains vulnerable to disruptive and potentially devastating cyberattacks on public infrastructure.
Posted by: Simon Baxter at 09:24