UK cyber attack alert: Crumbling defences put millions at risk, warn MPs
LONDON, 9 May 2025 — Britain’s cyber defences are failing to keep pace with the growing threat posed by hostile states and criminal groups, a scathing new report by MPs has revealed. The Public Accounts Committee (PAC), a cross-party group in Parliament, has warned that outdated Government IT systems and a lack of skilled personnel are leaving the country dangerously exposed to cyber-attacks.
The report highlights the growing risk to critical infrastructure and public services, cautioning that adversaries have developed their capabilities far faster than the Government had anticipated. Committee chair Sir Geoffrey Clifton-Brown delivered a stark warning: “Our battlements are crumbling. Hostile states and criminals now have the ability to do serious and lasting harm to our nation and people’s lives.”
Sir Geoffrey added, “It must not take a devastating attack on a critical piece of infrastructure before we act. The time for complacency is long over.”
The report outlines that roughly 28% of the public sector’s IT infrastructure still relies on legacy systems, many of which are no longer supported by modern cyber-security tools and are especially vulnerable to exploitation. The MPs stressed that this presents an unacceptable risk, especially given the increasing sophistication of cyber-attacks targeting public and private institutions alike.
Recent weeks have seen major UK retailers including Marks & Spencer, Harrods, and the Co-op targeted by hackers. And in 2023, the British Library suffered a catastrophic ransomware attack, the fallout of which has cost an estimated £7 million. The committee used this as a cautionary example of how such incidents can inflict long-lasting disruption and financial loss.
The MPs accused the Cabinet Office of failing to provide individual departments with a coherent assessment of the threats they face or adequate guidance on how to bolster their defences. As a result, departments across Whitehall are responding to threats in a piecemeal fashion.
A key issue identified in the report is the Government’s inability to attract and retain top-tier cyber-security professionals. The committee criticised Whitehall for not offering competitive salaries, forcing departments to rely on expensive external contractors to plug the gaps. The report states that one in three cyber-security roles in central Government is either vacant or filled by a costly contractor.
Sir Geoffrey called on ministers to “grasp the nettle” and invest in permanent staff who can provide long-term protection. “Whitehall has been unwilling for too long to offer attractive remuneration for experts who can easily command much higher salaries elsewhere. Making sure the right people are in the right jobs to defend the UK—and reducing dependency on costly contractors—is clearly better value for money,” he said.
While there have been some improvements, including independent verification of departments’ cyber resilience, the MPs said this had only served to confirm how widespread the vulnerabilities truly are.
The committee’s conclusions paint a bleak picture of the UK’s preparedness in an era where cyber-warfare is no longer a distant or theoretical risk, but an active and growing threat. The MPs are urging the Government to urgently overhaul its approach to cyber-security—before the country suffers an attack it cannot recover from easily.
Key takeaways:
- 28% of public sector IT systems are outdated, increasing vulnerability.
- One in three Government cyber roles are vacant or filled by costly contractors.
- Cabinet Office lacks coordination, leaving departments without clear threat assessments.
- Recent attacks on major UK institutions underscore the urgency of the issue.
- MPs call for better pay to attract cyber-security talent and reduce reliance on contractors.