Britain Is Unprepared To Defend Itself From Nation-State Hackers

Uploaded on 2025-04-07 in TECHNOLOGY--Resilience, GOVERNMENT-National, FREE TO VIEW

The cyber threat facing the British government is severe and advancing quickly, with 58 critical government IT systems independently assessed as having significant gaps in cyber resilience. Worse, last year the government was unable to say how vulnerable to cyber attack were at least 228 of its outdated and obsolete IT systems.

Furthermore, the skills gap is a big issue on the challenge to building national cyber resilience, with one in three cyber security roles in government vacant, or filled by temporary staff, in 2023-24.

In January 2022, the UK Cabinet Office published the Government Cyber Security Strategy: 2022-2030, setting out for the first time the complex challenges facing government cyber security and a comprehensive vision and strategy for improvement. The overarching vision is to ‘ensure that core government functions, from the delivery of public services to the operation of national security apparatus, are resilient to attack’.

A cyber attack is one of the most serious risks to the UK and the government’s resilience, with the disruption caused by the COVID-19 pandemic highlighting the need to strengthen national resilience and prepare for future emergencies in an increasingly digital world.

With the Increasing global political instability there is has been a significant increase in state-backed cyber attacks worldwide, as hackers with hit government and companies using very sophisticated technology attacks. As the US says it will increase its public infrastructure resilience, some experts are concerned that the UK’s cyber security is not ready to defend against rapidly growing threats.

In 2024, Britain'’s National Cyber Security Centre (NCSC) recorded a 16% increase in severe attacks impacting national security. Last December the NCSC published its annual report which found that the UK’s cyber risk is “widely underestimated.” The report claimed the agency’s Incident Management team intervened 430 times out of the 1,957 cyber-incident reports it received in 2024. Of these incidents, 89 were nationally significant, including 12 critical incidents, marking a threefold increase from the previous year.

In a survey of 250 IT public sector leaders, Trend Micro reported a large percentage of UK IT leaders warned of critical cybersecurity gaps.

64% of IT leaders claimed they did not know what best practices were.

24% said the lack of best practices could directly lead to a cyber incident.

The rising sophistication of cyber attacks and state-backed incidents has exposed the vulnerabilities within public sector organisations.

In June 2024, a cyber attack on a supplier of pathology services to the NHS in south-east London led to the postponement of over 10,000 outpatient appointments and 1,700 elective procedures.Meanwhile, the British Library had to spend more than £600k to rebuild its services after suffering a cyber attack in 2023, and it expects to spend much more on restoration.

The NCSC reported that around 40% of incidents it managed between September 2020 and August 2021 were aimed at the UK’s public sector.

This January the National Audit Office (NAO) reported that skills gaps were the biggest hurdle to building cyber resilience in the UK. According to the NAO, the successive governments’ strategy to become “significantly hardened to cyber attacks by 2025” failed due to a lack of cyber skills and the speed in implementation of checks and security.

NAO | Trend Micro | CCN | Guardian | Cyber Magazine | UKParliament | Sky

Image:

You Might Also Read:

Britain's Cyber Security Industry Is Growing:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.