General Atomics

NAO report reveals severe cyber threat to UK government

According to a new report published by the National Audit Office (NAO), the cyber threat to UK government is severe and advancing quickly, with the public spending watchdog emphasising that government must act now to protect its own operations and key public services.


 
Image by Titima Ongkantong / copyright Shutterstock
 
The National Audit Office (NAO) evaluated whether government was keeping pace with the rapidly evolving cyber threat it faces from hostile actors.
 
It identified that the government’s new cyber assurance scheme, GovAssure, which independently assessed 58 critical departmental IT systems by August 2024, found significant gaps in cyber resilience with multiple fundamental system controls at low levels of maturity across departments.
 
At least 228 ‘legacy’ IT systems were in use by departments as of March 2024 and the government does not know how vulnerable these systems are to a cyber attack.
 
If successful, cyber attacks can have devastating effects on government organisations, public services and people’s lives. In June 2024, a cyber attack on a supplier of pathology services to the NHS in south-east London led to two NHS foundation trusts postponing 10,152 acute outpatient appointments and 1,710 elective procedures.

The British Library, which experienced a cyber attack in October 2023, has already spent £600,000 rebuilding its services and expects to spend many times more as it continues its recovery work.
 
Successive governments have been working for at least a decade to build the UK’s cyber resilience, including publishing a strategy for improving government organisations’ cyber security in January 2022.

This strategy included a target for key government organisations to be “significantly hardened to cyber attack by 2025”. Yet government has not improved its cyber resilience fast enough to meet this aim.
 
One reason for this is shortages of cyber skills within government. In 2023-24:

  • one in three cyber security roles in government were vacant or filled by temporary staff (contingent labour)
  • more than 50% of cyber roles in several departments were vacant
  • 70% of specialist security architects in post were temporary staff

Departments reported that the salaries they can pay and civil service recruitment processes are barriers to hiring and keeping people with cyber skills.
 
Other concerns include a lack of coordination within government jeopardising effective cyber defence. The respective roles of departments and organisations at the centre, such as the National Centre for Cyber Security (NCSC), are insufficiently understood. Departmental leaders have not consistently recognised the relevance of cyber risk to their strategic goals.
 
Financial pressures have also meant that some departments have significantly reduced the scope of their work to build cyber resilience, which could increase the severity of an attack when it happens. In March 2024, departments did not have fully funded plans to remediate around half of government’s legacy IT assets (53%, or 120 out of 228), leaving these systems increasingly vulnerable to cyber attack. Under-investment in technology and cyber was a key factor in the British Library cyber incident.
 
The NAO is urging the government to act now to build its cyber capabilities and defences. It recommends government:

Within the next six months:

  • develops, shares and starts using a cross-government implementation plan for the Government Cyber Security Strategy.
  • sets out how the whole of government needs to operate differently and what is needed for this transformation to be effective, so that it can achieve its goals for government cyber security and resilience.

Within the next year:

  • make and enact plans to fill cyber skills gaps in workforces.

Gareth Davies, head of the NAO said: “The risk of cyber attack is severe and attacks on key public services are likely to happen regularly, yet government’s work to address this has been slow.

“To avoid serious incidents, build resilience and protect the value for money of its operations, government must catch up with the acute cyber threat it faces.

“The government will continue to find it difficult to catch up until it successfully addresses the longstanding shortage of cyber skills, strengthens accountability for cyber risk and better manages the risks posed by legacy IT.”

Nathaniel Jones, VP, AI & Security Strategy at Darktrace said: "The NAO’s findings highlight both challenges and opportunities in UK government cybersecurity. While departments are actively working to harness AI solutions, they’re also managing complex legacy IT systems that require careful attention. The findings that 58 critical systems need strengthening provides a clear roadmap for improvement.

“The Government now has an opportunity in its upcoming Cyber Security and Resilience Bill and national procurement statement to upgrade the UK’s defences for a modern age. As we enter an era where AI is compounding offensive cyber capabilities, government departments will need to fundamentally upgrade their security approaches to safely harness modern day solutions for better public services. This isn’t just about patching existing systems – it’s about building security architectures that can adapt to the future landscape."

Related

Vertical Aerospace to fly eVTOL at the Farnborough International Airshow
Vertical Aerospace VX4 will perform at Farnborough Airshow
Vertical Aerospace to fly eVTOL at the Farnborough International Airshow
Vertical Aerospace will bring its piloted eVTOL prototype to the Farnborough flying display, marking a first for the international airshow.
Aerospace

17 Jul 2026

UKEF and GE Aerospace introduce finance solution for regional UK shop visits
GE Aerospace CFM LEAP engine in an MRO shop
UKEF and GE Aerospace introduce finance solution for regional UK shop visits
In partnership with GE Aerospace, UK Export Finance (UKEF) is providing up to $1 billion (£742m) in financing over the next five years in a first-of-its-kind programme that will underpin a banking solution for engine overhauls and support airlines' UK flight operations.
Aerospace Member News

17 Jul 2026

Rolls-Royce partners with Boeing and Lufthansa to test fuel-saving and noise-reduction technologies
Boeing eco Demonstrator Explorer Lufthansa 787-9
Rolls-Royce partners with Boeing and Lufthansa to test fuel-saving and noise-reduction technologies
Rolls-Royce, Boeing and Lufthansa are launching a flight-test campaign using a 787-9 to evaluate technologies that improve fuel efficiency and reduce noise.
UK commits £255m to prepare Ukraine for Saab Gripen E fighters
Saab Gripen E for Ukraine
UK commits £255m to prepare Ukraine for Saab Gripen E fighters
The package will fund training, simulators, spare parts and logistics for Ukraine’s future Gripen E fleet while supporting around 5,000 jobs across the UK defence supply chain.
Defence Most Read

17 Jul 2026

Storm Fighter to lead new RAF collaborative combat aircraft family
BAE Systems Tempest with loyal wingman drones
Storm Fighter to lead new RAF collaborative combat aircraft family
Why the RAF is now racing do develop not only a high-end CCA called Storm Fighter, but also a complementary family of smaller autonomous aircraft to fly alongside crewed fighters.
Defence Most Read

17 Jul 2026

RAF awards Boeing £127m E-7 sustainment contract as first aircraft nears service
RAF E-7 Wedgetail AEW&C aircraft
RAF awards Boeing £127m E-7 sustainment contract as first aircraft nears service
The £127.5 million sustainment award will support around 180 jobs in Scotland as the first RAF Wedgetail completes final testing and a second aircraft begins flying.
Defence Insights Most Read

16 Jul 2026

UK space sector punches above its weight but struggles to scale
United kingdom from space by NASA
UK space sector punches above its weight but struggles to scale
Britain captures around 5% of the global space market despite accounting for approximately 1% of government space spending worldwide. However, the UK Space Agency’s final annual report warns that the country has yet to solve its persistent scale-up challenge.
Space

17 Jul 2026

Serco awarded ESA contract to support FLEX Earth observation mission
Earth observation satellite
Serco awarded ESA contract to support FLEX Earth observation mission
The European Space Agency (ESA) has contracted Serco to manage and deliver FLEX satellite data products to its users.
Member News Space

17 Jul 2026

ESA selects Keysight to develop 5G NTN anomaly detection
6G network
ESA selects Keysight to develop 5G NTN anomaly detection
Keysight will serve as the prime contractor, collaborating with Sateliot to support key technical development and satellite mission integration.
Member News Space

16 Jul 2026

Critical UK sectors targeted by Russian cyber actors
A hacker at a computer as government urges organisations to improve cyber security
Critical UK sectors targeted by Russian cyber actors
A new advisory has been issued by the National Cyber Security Centre (NCSC) and international partner agencies, urging the UK and its allies to defend against Russian state cyber actors’ global exploitation of poorly configured routers, as the UK sanctions Russian state and criminal networks for cyber and hybrid operations and calls out the FSB for a reckless attack on Poland’s energy grid.
Security

17 Jul 2026

UK defence SMEs unite under new Spearhead delivery collective
Spearhead SME member representatives
UK defence SMEs unite under new Spearhead delivery collective
Twenty-eight UK-owned defence and security SMEs have formed Spearhead, offering government and prime contractors access to specialist capability through one contract and one accountable delivery team.
Lockheed Martin Ventures opens London office with $100m UK and Europe fund
Lockheed Martin Ventures
Lockheed Martin Ventures opens London office with $100m UK and Europe fund
Lockheed Martin Ventures has chosen London for its first office outside the United States, with at least $100 million earmarked for UK and European defence technology start-ups.