Efforts to improve defences are being thwarted by skills shortages with one in three cyber security roles vacant, and Ministers do not know how vulnerable to attacks most of the 228 “legacy” IT systems as are.
The Government’s own strategy includes a target for key bodies to be “significantly hardened to cyber attack by 2025”. The NAO warns that resilience has not improved fast enough to meet this aim.
Last June, an attack on a supplier of pathology services to the NHS led to two health trusts postponing more than 10,000 acute outpatient appointments and 1,710 operations.
The British Library, hit in October 2023, has spent £600,000 rebuilding its services and expects to spend more as it continues recovery work.
He said: “The risk is severe, and attacks on key public services are likely to happen regularly, yet Government’s work to address this has been slow.
Departments needed to address the long-standing shortage of cyber skills, strengthen accountability for cyber risk, and better manage the risks posed by legacy IT, he said.
The government estimated that it used nearly half of its £4.7bn IT spending in 2019 to keep legacy systems running. The NAO warn that risks to public services posed by legacy technology have built up over many years.
Government departments reported the salaries offered and civil service recruitment processes are barriers to hiring and retaining skilled staff.
Some departments were reluctant to share information about their cyber incidents with other parts of government, limiting the opportunities for other organisations to learn and improve their own cyber resilience.
“The Government’s response has not kept pace. Poor co-ordination across Government, a persistent shortage of cyber skills, and a dependence on outdated legacy IT systems are continuing to leave our public services exposed.”
This report does not cover the cyber resilience of local government, public corporations, businesses or UK society more widely. This report focuses on the cyber resilience of IT systems at the ‘official’ level of security classification and not systems classified as ‘secret’ or above.
Read More Details
Finally We wish PressBee provided you with enough information of ( Whitehall gets a wake up call as Government IT systems face severe cyber threat )
Also on site :