Commons Watchdog Warns UK’s ‘Crumbling’ Cyber Defences Lag Far Behind Rising Threats

Legacy IT and skills gaps leave public services wide open, MPs warn

Britain’s ageing government computer systems are “outpaced by hostile states and cyber‑criminals”, according to a scathing report by Parliament’s Public Accounts Committee (PAC). More than a quarter of central‑government IT runs on vulnerable legacy platforms, creating a widening gap between the threat landscape and Whitehall’s ability to defend critical services.

Recent ransomware hits on high‑street names such as Marks & Spencer, Harrods and the Co‑op highlight how quickly attackers can disrupt operations—and ministers fear the public sector could be next. “This is a wake‑up call for British businesses and government alike,” Cabinet Office minister Pat McFadden said this week, noting a trebling of major incidents reported to the National Cyber Security Centre in 2024.


Key findings from the PAC report

  • 25 % of Whitehall systems are beyond their supported life—some dating back to Windows XP.

  • Shortage of expertise: departments cannot match private‑sector salaries, leaving critical posts unfilled.

  • Patchy threat visibility: no single inventory of high‑risk networks exists, hampering rapid incident response.

  • Missed targets: a 2022 pledge to “significantly harden” critical functions by 2025 is slipping; full public‑sector resilience is now unlikely before 2030.

Sir Geoffrey Clifton‑Brown, committee chair, said the findings show “our battlements are crumbling” and called for a Cabinet Office‑led audit of every departmental system. “It must not take a devastating attack on critical infrastructure for defensive action to be taken,” he warned.


Ministers promise ‘step change’—but money and talent remain sticking points

Downing Street insists progress is under way. A Cabinet Office spokesperson pointed to:

  • The forthcoming Cyber Security and Resilience Bill, set for introduction later this year.

  • Investment in CHERI hardware technology, which officials say could prevent 70 % of common software‑memory exploits.

  • A new “Plan for Change” aimed at growing the UK cyber sector and funding regional skills hubs.

Yet the PAC says Whitehall must finally “grasp the nettle” on pay: seasoned penetration testers can earn double the civil‑service rate in industry. Until departments can attract and retain those specialists—in boardrooms as well as security‑ops centres—the committee doubts ambitious timelines will stick.


Next steps: a full‑scale audit and public progress tracker

MPs have given the Cabinet Office six months to deliver:

  1. A complete inventory of legacy systems and their owners.

  2. Costed remediation plans prioritising the most critical national functions.

  3. A recruitment and pay‑band strategy to close the skills gap without relying on pricey contractors.

  4. Regular public scorecards so taxpayers can see which departments hit—or miss—hardening milestones.

The PAC says it will revisit the issue before year‑end and has not ruled out recommending claw‑backs of departmental budgets if deadlines slip.


Bigger picture: AI turbo‑charges the threat curve

Intelligence released this week shows AI is already super‑charging phishing, deep‑fake disinformation and zero‑day discovery, driving the surge in UK incident reports. “Cyber‑security is not a luxury; it’s a basic utility,” McFadden told delegates—echoing the PAC’s verdict that the nation’s digital moat needs rebuilding before adversaries exploit its many cracks.
