Holes In The Road To The UK’s Digital Future
There are more than a million potholes across the UK’s road network, and it’s costing motorists - and the taxpayer - a small fortune in running repairs.
When I read recently that the RAC had described its “pothole-related breakdown data” as being a “very clear reflection of the true state of the UK's roads”, I couldn’t help but draw a parallel between the state of the roads and the UK’s digital infrastructure.
While most organisations run on modern, well-architected infrastructure with security built in from the ground up, there are also examples where the infrastructure is showing signs of wear and tear, or, in some cases, worse. And it seems I may not be alone in my assessment.
Only recently, the Public Accounts Committee (PAC) published a sobering assessment of the UK government’s cyber-resilience. The report found that 28% of the public sector’s IT estate consists of risky, outdated legacy systems, with 25% of the most critical systems rated ‘red’ for the likelihood and impact of risks.
Alarmingly, the government doesn’t have a complete picture of how many legacy systems are still in use.
Beyond Patching Over The Cracks
The PAC’s conclusion was blunt: Government defences have not kept pace with the fast-evolving cyberthreat landscape, and hostile states and cybercriminals have stolen a march on exploiting technology for their own use.
Sir Geoffrey Clifton-Brown MP, Chair of the Committee, said in a statement, “Government Departments are beginning to wake up to the serious cyber threat they face. It is positive to see independent verification now in place to gain a better picture on critical systems resilience. Unfortunately, this has only served to confirm that our battlements are crumbling.
“A serious cyberattack is not some abstract event taking place in the digital sphere.” He added, “Hostile states and criminals have the ability to do serious and lasting harm to our nation and people’s lives.”
This is not a theoretical warning. Within weeks of the publication of the PAC report, it was revealed that a serious cyberattack at the Legal Aid Agency had exposed the personal details of thousands of vulnerable individuals dating back to 2010.
The fallout was immediate: the agency was forced to take its system offline, and the National Crime Agency and National Cyber Security Centre were called in to respond. The exposure not only compromised personal privacy but also raised urgent questions about how government departments manage and secure sensitive information. It was a sharp reminder that cyber resilience is not just about high-end defences or cutting-edge technology. It is also about making sure governance, oversight, and accountability are in place across the board.
The Path Forward: Fixing The Digital Foundations
If the picture painted by the PAC report and the Legal Aid breach tells us anything, it’s that public sector cybersecurity cannot be fixed by surface-level patches or last-minute firefighting. Just as potholes are indicative of a creaking road network, these digital breaches reveal fundamental cracks in the foundations of government IT.
Strengthening resilience will require a multi-layered approach. That starts with addressing legacy systems - not simply bolting on new tools - and investing in the wholesale modernisation of outdated infrastructure.
However, technology alone won’t close the gap. Public sector organisations also need the right people in place with the right skills. That means upskilling existing teams, attracting new cyber talent, and embedding digital expertise at the top of departmental leadership.
Then there are the tools people need. If departments are to improve their resilience, they need visibility. Without a clear, unified view across their entire infrastructure - both old and new - departments will find it difficult to detect, understand, or respond to the risks they face. Single-pane-of-glass observability can provide that oversight, giving IT teams the ability to move from reactive firefighting to proactive risk management.
What’s more, the sheer scale and complexity of today’s threat landscape mean that increasingly, automation and AI-driven insights need to be used to help teams detect patterns, prioritise risks, and act faster than human monitoring alone can manage. By combining human expertise with intelligent systems, departments can reduce response times, improve accuracy, and make more informed decisions - all critical components in strengthening national resilience.
And this is only the start. The scale of the task facing the UK means there’s no quick solution. Delivering true cyber-resilience will require long-term commitment, sustained investment, and a fundamental rethink of how digital infrastructure is built, maintained, and secured. How we respond now will determine how well the UK can withstand evolving threats in the years to come.
Richard Giblin is Head of UK Public Sector and Defence at SolarWinds