London24NEWS

Whitehall is in danger from hackers as a result of poor cyber defences and outdated IT, report warns

Whitehall departments are at growing risk of being hacked because anti-cyber attack defences are ‘lower’ than thought, an alarming report has found.

The inquiry by the National Audit Office (NAO) was branded a ‘wake-up call’ for officials to step-up defences against hostile actors.

It identified a shortage of cyber skills within departments and risks posed by outdated IT systems.

This means the UK is struggling to ‘catch up with the acute cyber threat’ and ‘get on top of this most pernicious threat’, according to the watchdog.

It found that more than half of roles in several departments’ cyber security teams were vacant last year (23/24).

More than two hundred antiquated IT systems were also in operation, with officials unable to say how vulnerable these were to attack.

Among recent high-profile cyber assaults was one on the British Library in 2023, when employee data was leaked, and a ransomware attack last summer that caused thousands of appointments to be cancelled at two London NHS trusts.

The NAO found that the National Cyber Security Centre managed 430 cyber incidents between September 2023 and August 2024 because of their potential severity.

Whitehall departments are at growing risk of being hacked because anti-cyber attack defences are ‘lower’ than thought, an alarming report has found (stock image)

Whitehall departments are at growing risk of being hacked because anti-cyber attack defences are ‘lower’ than thought, an alarming report has found (stock image)

The inquiry by the National Audit Office (NAO) was branded a ‘wake-up call’ for officials to step-up defences against hostile actors such as hackers

The inquiry by the National Audit Office (NAO) was branded a ‘wake-up call’ for officials to step-up defences against hostile actors such as hackers 

Of these, 89 were deemed to be ‘nationally significant’.

The report concluded that ‘the cyber threat to the Government is severe and advancing quickly’ and that, although officials have started work on a defence strategy, ‘progress is slow.’

It also found that resilience levels are ‘lower’ than the Government had previously thought and that some departments have ‘significant gaps’ in resilience.

The report, to be published today, states: ‘To avoid serious incidents, build resilience and protect the value for money of its operations, government must catch up with the acute cyber threat it faces.

‘The Government will continue to find it difficult to do so until it successfully addresses the long-standing shortage of cyber skills, strengthens accountability for cyber risk and better manages the risks posed by legacy IT..’

Gareth Davies, head of the NAO, said: ‘The risk of cyber-attack is severe, and attacks on key public services are likely to happen regularly. Yet the Government’s work to address this has been slow.

Sir Geoffrey Clifton-Brown (pictured) MP, chairman of the Public Accounts Committee, said: ‘We have seen too often the devastating impact of cyber-attacks on our public services and people’s lives'

Sir Geoffrey Clifton-Brown (pictured) MP, chairman of the Public Accounts Committee, said: ‘We have seen too often the devastating impact of cyber-attacks on our public services and people’s lives’

‘The Government will continue to find it difficult to catch up until it successfully addresses the long-standing shortage of cyber skills; strengthens accountability for cyber risk, and better manages the risks posed by legacy IT.’

Sir Geoffrey Clifton-Brown MP, chairman of the Public Accounts Committee, said: ‘We have seen too often the devastating impact of cyber-attacks on our public services and people’s lives.

‘Despite the rapidly evolving cyber threat, the Government’s response has not kept pace.

‘Today’s NAO report must serve as a stark wake-up call to Government to get on top of this most pernicious threat.’

The Cabinet Office was contacted for comment.