Almost all government organisations endured a cyber attack in past year

Almost all UK government organisations endured a cyber attack in the past year according to new research.

The “Cyber Security in Government” report, published by cyber security services provider Bridewell, revealed that 93% of government organisations have experienced a cyber attack in the last 12 months, with data protection and privacy being the greatest cyber security concern for 45% of survey respondents from government. An additional 41% of respondents said that cyber resilience and managing AI cyber risk were also major challenges.

The most common consequence of cyber incidents were IT disruption and outages, which have affected 43% of organisations.

Furthermore, the research found a significant discrepancy between the cyber attack preparedness of central and local government, with 66% of central government organisations frequently running cyber training and tabletop exercises compared to 51% of local authorities. Similarly, 66% of central government respondents reported having formal communications plans in place, as opposed to just 44% of local government respondents.

Sam Thornton, Chief Operating Officer at Bridewell, said that these types of plans were crucial.

He said: “As threats continue to evolve, strengthening operational readiness across all levels of government will be critical to improving resilience and maintaining public trust."

The report highlights how increasing cloud and AI adoption across the civil service, alongside complex supply chains, are creating a “rapidly expanding attack surface”, noting that 31% of government respondents considered hybrid and multi-cloud environments a key factor increasing susceptibility to attacks.

Skill shortages are also perceived as a key factor contributing to vulnerabilities, with 30% reporting concerns about a lack of skilled cyber security personnel.

In addition, the report revealed that the main drivers of cyber security maturity within government were increased connectivity (38%) and the evolving threat landscape (36%), distinguishing it from other sectors, where the dominant factor often tends to be regulation.

“Cyber Security in Government” forms part of Bridewell’s wider annual “Cyber Security in Critical National Infrastructure" research programme, for which more than 600 UK cyber security decision-makers across sectors government, healthcare, transport, energy and financial services were surveyed.