Audit watchdog finds 58 critical IT systems assessed in 2024 had ‘significant gaps in cyber-resilience’

The threat of potentially devastating cyber-attacks against UK government departments is “severe and advancing quickly”, with dozens of critical IT systems vulnerable to an expected regular pattern of significant strikes, ministers have been warned.

The National Audit Office (NAO) found that 58 critical government IT systems independently assessed in 2024 had “significant gaps in cyber-resilience”, and the government did not know how vulnerable at least 228 ageing and outdated “legacy” IT systems were to cyber-attack. The NAO did not name the systems for fear of helping attackers choose targets.