![Free Malaysia Today](/_next/image/?url=https%3A%2F%2Fmedia.freemalaysiatoday.com%2Fwp-content%2Fuploads%2F2025%2F01%2Fb77f964d-kings-college-hospital-uk.webp&w=3840&q=75)
“To avoid serious incidents, build resilience and protect the value for money of its operations, (the) government must catch up with the acute cyber threat it faces,” said Gareth Davies, head of the National Audit Office which produced the report.
“The government will continue to find it difficult to do so until it successfully addresses the long-standing shortage of cyber skills, strengthens accountability for cyber risk and better manages the risks posed by legacy IT,” he added.
The watchdog found more than 50% of positions in several departments’ cyber security teams were vacant in 2023/24.
At least 228 outdated IT systems were also in use as of March 2024, with officials unable to assess how vulnerable they might be to attack.
Geoffrey Clifton-Brown, head of a cross-party committee of MPs, has said public services had been left “exposed” because the government response had “not kept pace” with the evolving cyber threat.
The watchdog’s report “must serve as a stark wake-up call to government to get on top of this most pernicious threat,” he said.
The National Cyber Security Centre managed 430 cyber incidents between Sep 2023 and Aug 2024, of which 89 were deemed to be “nationally significant”.
Officials said last year an international operation led by UK and US law enforcement had severely disrupted “the world’s most harmful cybercrime group”, the Russian-linked ransomware specialist LockBit.
LockBit and its affiliates have targeted governments, major companies, schools and hospitals, causing billions of dollars of damage and extracting tens of millions in ransoms from victims.
Their targets included Britain’s Royal Mail, US aircraft manufacturer Boeing, and a Canadian children’s hospital.
In Jan 2023, US law enforcers shut down the Hive ransomware operation which had extorted some US$100 million from more than 1,500 victims worldwide.
In June 2024, a cyber-attack on service supplier Synnovis hit blood transfusions, and hundreds of appointments and operations were cancelled at two of the UK’s biggest hospitals – King’s College Hospital and Guy’s and St Thomas’ in the centre of the British capital.
Stay current - Follow FMT on WhatsApp, Google news and Telegram