Britain's defences against cyber-attacks on critical infrastructure and public services have been “outpaced” by criminals and hostile states, a hard-hitting report warns today. The country is under threat from foes who have developed capabilities faster than the Government expected, a cross-party group of MPs has warned.
Sir Geoffrey Clifton-Brown, who chairs the powerful public accounts committee, warned that the “battlements are crumbling” and “hostile states and criminals have the ability to do serious and lasting harm to our nation and people’s lives”.
He said: “It must not take a devastating attack on a critical piece of the country’s infrastructure for defensive action to be taken.”
A key risk is that much of Government uses old-fashioned computer systems which are especially vulnerable to attack. The public accounts committee warns such risky “legacy” systems make up around 28% of the public sector’s IT estate.
The warning comes on the heels of attacks by hackers on Marks & Spencer, Co-op and Harrods in recent weeks. In 2023 the British Library was hit by a ransomware attack and the MPs say dealing with it has cost around £7million.
The MPs warn that the Government’s cyber-resilience is “far from where it needs to be” and that departments have “underestimated the severity of the threat”.
The Cabinet Office is blamed for not giving individual departments a clear picture of the threat and instructions on what action should be taken.
A challenge is that the Government struggles to compete with the private sector for the top talent in cyber-security. It is accused of not paying market-rate salaries; the MPs say doing this would be cheaper in the long-term than paying contractors.
Committee chairman Sir Geoffrey said: “Government Departments are beginning to wake up to the serious cyber threat they face. It is positive to see independent verification now in place to gain a better picture on critical systems resilience.
“Unfortunately, this has only served to confirm that our battlements are crumbling. A serious cyberattack is not some abstract event taking place in the digital sphere. The British Library cyber-attack is a prime example of the long-lasting cost and disruption that these events can cause.”
The MPs warn one in three cyber-security roles in central government are either vacant or filled by “expensive contractors”. Sir Geoffrey pushed the Government to “grasp the nettle” and offer “competitive salaries for digital professionals”.
“For too long, Whitehall has been unwilling to offer attractive remuneration for experts who are able to secure high-paid work elsewhere,” he said. “Making sure that the right people are in the right jobs to defend the UK against this serious threat, and reducing the use of expensive contractors at the same time, is clearly sound value for money.”
