British government criticised for cyber-security failings

The National Audit Office (NAO) has said that the UK government is guilty of failing to adequately protect the country’s core IT infrastructure from online attacks.

The comments follow an NAO audit of Britain’s national cyber-defence strategy, the BBC news website reports.

Westminster has been focusing on strengthening its stance against web-based crime in light of growing concerns of the threat that overseas regimes may pose to British society.

The creation of the National Cyber Security Centre (NCSC) falls within the broader National Cyber Security Programme, which is expected to have funding until 2021.

The government’s current protection strategy comprises 12 initiatives, including: understanding, investigating and disrupting threats; defending against evolving cyber-attacks; managing and responding effectively securing government networks, and developing cyber-skills in the UK.

While the NAO has noted the complexity of seeing the strategy through, it underlined that the government lacked clarity in terms of which areas to address first in order to create the best outcomes.

Fewer than 80% of the strategies dedicated to protecting power plants and hospitals would finish on time, the NAO reported. It also concluded that the government was not confident in the evidence obtained for half of its plans, while noting that this represented an improvement on a previous status of “very low confidence” for the same topics in 2018.

On a more reassuring note, the study acknowledged NCSC successes. One of the strategy’s defence tools led to 54.5 million fake emails being blocked between 2017 and 2018. Between 2016 and 2018, the global share of phishing attacks on the UK fell from 5.3% to 2.2%.

The NAO also said that a budgetary discrepancy had been created because of the Cabinet Office’s failure to put together a business case for the strategy before it was implemented.

Speaking to the BBC, computer specialist, Prof Alan Woodward said:

“It’s a bit like putting the cart before the horse. The overarching thing that comes out from the NAO is that [the government] decided on the budget and then they decided on the strategy.”

Chair of the Committee of Public Accounts, Meg Hillier, described the situation as “yet another example of an important government programme launched without getting the basics right.”

“The increasing cyber-threat faced by the UK, and events such as the 2017 WannaCry attack, make it even more critical that the Cabinet Office take immediate action to improve its current programme and plan for safeguarding our cyber-security beyond 2021,” she added.


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.