The National Audience Directorate of Great Britain (NAO) warns, that cyber attacks on state departments are becoming an increasingly serious threat to the country. Experts found that 58 critically important IT systems of the government, tested in 2024, have serious gaps in cyber resistance. In addition, the level of vulnerability of 228 outdated systems remains unknown, which creates a significant risk for public services.
The problem of cybersecurity covers a wide range of departments, including the Office for Tax and Customs Duties of Great Britain (HMRC) and the Ministry of Labor and Pensions (DWP). Recent cyber attacks confirm high vulnerability: in May 2024, hackers, allegedly related to China, penetrated the payment system of the Armed Forces, and in June an attack on two NHS funds in London led to the abolition of 10,000 outpatient techniques and 1,600 operations.
The National Cybersecurity Center (GCHQ) said that the level of threats is growing faster than the capabilities of the UK to protect critical infrastructure. The report lists key opponents: China, Iran and North Korea, as well as related groups of Volt Typhoon and Islamic State Hacking Division.
Nao emphasizes that the government systematically underestimated the importance of cyber resistance. Insufficient financing, lack of specialists and dependence on outdated IT systems leave critical services under threat. According to 2023-2024, a third of information security vacancies in the government remained incomplete or engaged in temporary employees, and complex bureaucratic procedures and relatively low salaries made it difficult to attract specialists.
The government recognizes the existence of problems and states that since July measures have been taking measures: a bill on the protection of critical infrastructure has been prepared, 30 regional personnel training projects in the industry are being implemented, and digital units are combined into a single service under the control of the Department of Science, Innovations and Technologies (DSIT ).
However, NAO auditors believe that the efforts are insufficient. In April 2024, ministers warned of extremely high risks, and the rapid development of digital services increases the likelihood of destructive attacks affecting citizens and public services.