Britain Is Unprepared To Defend Itself From Nation-State Hackers

Uploaded on 2025-04-07 in TECHNOLOGY--Resilience, GOVERNMENT-National, FREE TO VIEW

The cyber threat facing the British government is severe and advancing quickly, with 58 critical government IT systems independently assessed  as having significant gaps in cyber resilience. Worse, last year the government was unable to say how vulnerable to cyber attack were at least 228 of its outdated and obsolete IT systems. 

Furthermore, the skills gap is a big issue on the challenge to building national cyber resilience, with one in three cyber security roles in government vacant, or filled by temporary staff, in 2023-24.

In January 2022, the UK Cabinet Office published the Government Cyber Security Strategy: 2022-2030, setting out for the first time the complex challenges facing government cyber security and a comprehensive vision and strategy for improvement. The  overarching vision is to ‘ensure that core government functions, from the delivery of public services to the operation of national security apparatus, are resilient to attack’. 

A cyber attack is one of the most serious risks to the UK and the government’s resilience, with the disruption caused by the COVID-19 pandemic highlighting the need to strengthen national resilience and prepare for future emergencies in an increasingly digital world.

With the Increasing global political instability there is has been a significant increase in state-backed cyber attacks worldwide, as hackers with hit government and companies using very sophisticated technology attacks.  As the US says it will increase its public infrastructure resilience, some experts are concerned that the UK’s cyber security is not ready to defend against rapidly growing threats.

In 2024, Britain'’s National Cyber Security Centre (NCSC) recorded a 16% increase in severe attacks impacting national security. Last December the NCSC published its annual report which found that the UK’s cyber risk is “widely underestimated.” The report claimed the agency’s Incident Management team intervened 430 times out of the 1,957 cyber-incident reports it received in 2024. Of these incidents, 89 were nationally significant, including 12 critical incidents, marking a threefold increase from the previous year.

In a survey of 250 IT public sector leaders, Trend Micro reported a large percentage of UK IT leaders warned of critical cybersecurity gaps. 

  • 64% of IT leaders claimed they did not know what best practices were.
  • 24% said the lack of best practices could directly lead to a cyber incident.

The rising sophistication of cyber attacks and state-backed incidents has exposed the vulnerabilities within public sector organisations.

In June 2024, a cyber attack on a supplier of pathology services to the NHS in south-east London led to the postponement of over 10,000 outpatient appointments and 1,700 elective procedures.Meanwhile, the British Library had to spend more than £600k to rebuild its services after suffering a cyber attack in 2023, and it expects to spend much more on restoration.

The NCSC reported that around 40% of incidents it managed between September 2020 and August 2021 were aimed at the UK’s public sector.

This January the National Audit Office (NAO) reported that skills gaps were the biggest hurdle to building cyber resilience in the UK. According to the NAO, the successive governments’ strategy to become “significantly hardened to cyber attacks by 2025” failed due to a lack of cyber skills and the speed in implementation of checks and security.

NAO   |  Trend Micro   |   CCN   |   Guardian  |    Cyber Magazine  |   UKParliament  |   Sky 

Image: 

You Might Also Read: 

Britain's  Cyber Security Industry Is Growing:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

« Britain Falls Under Pressure To Relax Regulations On AI
On Trend With Zero-Trust Architecture & Multi-Cloud Environments »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Gigamon

Gigamon

Gigamon provides intelligent Traffic Visability solutions that provide unmatched visbility into physical & birtual networks without affecting the performance or stability of production environments.

Thycotic

Thycotic

Thycotic prevents cyber attacks by securing passwords, protecting endpoints and controlling application access.

Threat Intelligence

Threat Intelligence

Threat Intelligence is a specialist security company providing penetration testing, threat intelligence, incident response and training services.

Infodas

Infodas

Infodas provides Cybersecurity and IT consulting / system integration services as well as a range of innovative Cybersecurity products to public sector and commercial clients.

Data Security Inc

Data Security Inc

Data Security, Inc. is the leading American manufacturer and supplier of hard drive degaussers, magnetic tape degaussers as well as hard drive and solid state destruction devices.

Ergo

Ergo

Ergo is a world-class IT Partner of choice, leveraging the latest technology available in cloud, mobility, big data, analytics, and social media.

Sydeco

Sydeco

Sydeco offer a complete range of products that secure computer and industrial networks, servers, programs and data against any type of computer attack.

National Institute for Research & Development in Informatics (ICI Bucharest) - Romania

National Institute for Research & Development in Informatics (ICI Bucharest) - Romania

ICI Bucharest is the most important institute in the field of research, development and innovation in information and communication technology (ICT) in Romania.

TopSOC Information Security

TopSOC Information Security

TopSOC Information Security provide a wide range of security consultation, implementation and training services.

RegScale

RegScale

RegScale helps organizations comply in real-time with multiple compliance requirements (NIST, CMMC, ISO, SOX, etc), scalable to meet the needs of the entire enterprise.

BCyber

BCyber

BCyber is a Swiss Cyber Security company that provides security products, training, and managed services to protect diverse IT and OT environments against cyber, physical, and cyber-physical threats.

UK Cyber Cluster Collaboration (UKC3)

UK Cyber Cluster Collaboration (UKC3)

UKC3 has been launched to support Cyber Clusters and encourage greater collaboration across regions and nations of the UK.

Amazon Web Services (AWS)

Amazon Web Services (AWS)

Amazon Web Services is the world’s most comprehensive and broadly adopted cloud platform, offering fully featured services from data centers globally.

Scality

Scality

Scality storage unifies data management from edge to core to cloud. Our market-leading file and object storage software protects data on-premises and in hybrid and multi-cloud environments.

Baidam Solutions

Baidam Solutions

Baidam Solutions is a 100% Australian owned and operated First Nations information technology business.

GoCloud Systems

GoCloud Systems

GoCloud is an IT consulting firm. We provide IT strategy and cloud adoption services to the New Zealand Government, Non-Profit Organisations and private industry.

NetBird

NetBird

NetBird combines a WireGuard-based overlay network with Zero Trust Network Access, providing a unified platform for reliable and secure connectivity.