The Cabinet Office is set to miss its targets for the UK government to be “cyber resilient” by the end of 2025, and needs to do more to strike the right balance between supporting departments, holding them to account, and doing more for the centre of government, a Public Accounts Committee (PAC) report has concluded.
In the report, Government Cyber Resilience, published today (9 May 2025), the cross-bench PAC presented a mixed picture of its findings. On the positive side, it praised the Cabinet Office for taking steps to independently verify the resilience of critical IT systems in government departments.
However, it also said this exercise had revealed that in general, resilience is much lower than expected, with many systems containing fundamental weaknesses.
A July 2024 assessment of 72 critical systems at 35 departments identified significant cyber resilience gaps, with multiple failures in risk management and incident response planning, and although this was an improvement on the past situation, the PAC said more should have been done. In particular, it again lamented the reliance on during expert testimony in March,
“We find it alarming that risky legacy IT systems – which the Department for Science, Innovation and Technology (DSIT) estimated make up 28% of the public sector's IT set independent assessment,” said the PAC, which is chaired by Geoffrey Clifton-Brown, MP.
“We recognize that the size and complexity of the public sector, and its supply chains, make it challenging for government to manage cyber risk. Know how many legacy IT systems exist in government and therefore cannot manage the associated cyber risk.”
Additionally, government departments have not done enough to prioritise cyber security, a situation not helped by a lack of clear guidance from the Cabinet Office. Across Westminster, various bodies are underestimating the severity of the threat, and their decisions do not reflect the urgency of the issue. The report calls for all departments to do more to ensure security leaders are involved at senior management and decision-making levels.
“Looking forward, the Cabinet Office will not meet its target for government to be cyber resilient by the end of 2025. require government to take a fundamentally different approach,” the report said.
The PAC added that the Cabinet Office was on the right path and learning from the experience of others, and the MPs said they look forward to great to greency with regard to overall progress on cyber resilience.
Better pay please
The committee's report went on to criticize the government for being “unwilling to pay” the salaries needed to hire the right cyber security professionals into Whitehall, and noted that although the government has increased its wider digital workforce to approximately 23,000 people, one in three cyber security roles are eater by third-party contractors.
“Experience suggests government will need to be realistic about how many of the best people it can recruit and retain,” said the report.
“This includes the need for departments to have digital and security leaders on his most seniors. Security.”
Not keeping up
In general, the PAC report found that government has not kept up with the gathering cyber threat to the UK from hostile foreign states and financially-motivated criminals, exemplified by incidents such as the 2023 ransomware attack on the British Library, the 2024 incident at NHS supplier Synnovis, and more recently, the ongoing cyber attacks affecting UK supermarkets. There is now a significant gap between the extent of the threat and the government's response to it.
The committee also identified more risk in government supply chains, as the Synnovis incident showed, where thousands of hospital appointments had to be cancelled after the attack disrupted the pathology services provider.
The report called for the Cabinet Office to set out what levers and instruments it now plans to take to manifest a new approach to cyber resilience, following the conclusion of the 2025 Spending Review.
The National Cyber Security Centre warned earlier this week that a divide will emerge over the next two years between organisations that can keep pace with cyber threats enabled by artificial intelligence and those that fall behind.