Delayed cyberattack detection and response
Significant delays in detecting and responding to cyberattack risks within government agencies, despite high-risk ratings.
132 items
9 sources
Strongest theme matches
Mixed across source types and ranked by classifier confidence plus text match strength.
Committee recommendation
82match
#26 - Legal Aid Agency acknowledges critical lessons learned from cyberattack response and provider burden
LAA acknowledged that contingency measures it put in place to keep the legal aid system going placed additional burdens on providers, and that there are several lessons to be learned from the attack. This included, ensuring senior leaders understand risks in systems, ensuring longer term business continuity plans are in place and considering the impact on staff of...
Matched on
terms: cyberattack, response
Committee recommendation
80match
#25 - Legal Aid Agency experienced significant delays in detecting and responding to cyberattack risks
We asked LAA why it had taken so long to detect the attack and to then take systems offline.48 LAA explained that the risk of a cyberattack on its systems had been rated as extremely high on MoJ’s risk registers since 2021. It told us that MoJ had subsequently provided over £50 million in total to help address...
Matched on
terms: cyberattack
Committee recommendation
77match
#6 - Require MoJ and LAA to detail cyberattack lessons and funding for system vulnerabilities.
Despite lessons learned from the cyberattack on the LAA, funding to address weaknesses across MoJ systems is uncertain. Vulnerabilities in LAA’s systems had been on MoJ’s risk register since 2021. However, MoJ’s investment of over £50 million to transform and stabilise LAA’s systems was insufficient to prevent hackers accessing a large amount of both provider and legal aid...
Matched on
terms: cyberattack, response
Committee recommendation
74match
#1 - Committee reviewed HMP Dartmoor lease, legal aid provision, and LAA cyberattack management.
We took evidence from the Ministry of Justice (MoJ), HM Prison and Probation Service (HMPPS) and the Legal Aid Agency (LAA) to follow up on our recent scrutiny of several topics. This included HMPPS’s management of the lease renewal at HMP Dartmoor, MoJ and LAA’s response to the previous Committee’s 2024 report on legal aid and their management...
Matched on
terms: cyberattack, response
PFD report
69match
Linda Banks
Despite a thematic review identifying issues in mental health services, actions taken were ineffective in implementing change; serious incident investigations were also significantly delayed, compromising investigation quality and timely implementation of safety improvements.
Matched on
terms: delayed
Committee recommendation
62match
#24 - Legal Aid Agency cyberattack went undetected for four months before system shutdown
MoJ and LAA acknowledged that the cyberattack on LAA’s online digital services began in December 2024, four months before the LAA detected the attack on 23 April 2025.46 LAA explained that in April, it took action to boost the security of the systems concerned and informed legal aid providers that their bank details may have been compromised. However,...
Matched on
terms: cyberattack
PFD report
61match
Dean Bray
Staff in seclusion rooms could not make emergency calls directly, and paramedics faced delays accessing a patient due to unknown and unshared direct ward access routes, hindering emergency response.
Matched on
terms: response
PFD report
61match
Liam Allan
Inadequate visibility of riverside buoyancy aids and slow, telephone-based police-to-fire service communication create critical delays in emergency response, increasing drowning risks.
Matched on
terms: response
PFD report
57match
Daniel Tilley
Insufficient funding and staffing within police Communication and Control Units, compounded by inadequate officer numbers, consistently prevent timely responses to incidents, a long-standing issue particularly acute during peak demand.
Matched on
terms: response
Committee recommendation
57match
#25 - Department maintains a prioritised cyber incident response and business continuity framework
The Department explained that it had a security incident response framework in place that, in the case of a cyber attack, would enable it to keep its services running as much as possible. It told us that its business continuity plan would put in place the most important steps first—getting money to people—with some of its advisory processes...
Matched on
terms: response
Committee recommendation
56match
#20 - GovAssure reveals significant gaps and low maturity in departmental cyber resilience.
In 2023, the Cabinet Office launched ‘GovAssure’, a cyber security assurance scheme, as part of its strategy to improve government organisations’ cyber resilience. Before GovAssure, departments self–assessed their performance against minimum cyber standards set by the Cabinet Office.43 In the period April 2023 to July 2024, 35 departments took part in the first year of GovAssure and assessed...
Matched on
terms: response
LGO / SPSO decision
56match
22-001-553 - Gloucester City Council
Summary: Mr X complained the Council failed to provide local land charge search results following a cyber attack. He said it caused delay in the sale of his property. The Council failed to provide a service, but its response limited any injustice to Mr X.
Matched on
terms: response
PFD report
53match
Deborah Hopkinson
Frequent equipment failures and significant delays in specialist consultant involvement due to lack of expertise and communication issues severely impacted patient diagnosis and treatment.
Matched on
classifier match
Committee recommendation
51match
#4 - Twenty-Ninth Report - The National Law Enforcement Data Programme
The police must continue to rely on the PNC for another five years, despite the risks to its availability. The PNC is the most important law enforcement technology system in the UK, and it is vital that it is constantly available to police and other users. Given its age, the current system is remarkably reliable. However, the PNC...
Matched on
terms: response
PFD report
49match
Georgina Swindells
The coroner identified concerns regarding delays in image transfer, a lack of available data to investigate the issue, the absence of an image transfer backup process, and the apparently erroneous scan report, raising the possibility of misreporting in the future.
Matched on
classifier match
PFD report
49match
Leslie Carswell
Technical difficulties in transmitting CT scans between trusts caused critical delays in deciding treatment plans for urgent conditions. These unresolved issues risk delaying life-saving care.
Matched on
classifier match
PFD report
49match
Glenys Button
Inefficient and outdated neurosurgical referral systems, relying on switchboards and bleeps, cause delays and miscommunications, with no backup for busy on-call doctors. Modern digital solutions are available but not utilized.
Matched on
classifier match
PFD report
49match
Darran Busby
A critical flaw in the electronic patient record system allows radiology results requiring urgent follow-up to be inadvertently filed without clinician review, risking missed diagnoses and treatment delays.
Matched on
classifier match
PFD report
49match
Ian Darwin
Tees Esk and Wear Valleys NHS Foundation Trust routinely fails to conduct timely serious incident investigations, allowing hazards to persist and compromising learning, despite past assurances and national guidelines for 60-day completion.
Matched on
classifier match
PFD report
49match
Manoel Santos
Delays in notifying foreign national offenders of immigration detention and inadequate access to legal advice are compounded by poor inter-agency communication and a lack of specialist prison staff for immigration matters.
Matched on
classifier match
Committee recommendation
49match
#24 - HMRC’s legacy IT systems pose security, reliability, and cost risks.
HMRC explained that there are three key risks that arise from operating legacy systems: lower levels of security; lower reliability and resilience; and higher costs of system changes. HMRC said that its executive team and its digital team track how up to date its systems are and how that is changing over time. HMRC told us that it...
Matched on
classifier match
Committee recommendation
49match
#9 - Organised criminal groups' ransomware attacks severely disrupt public services and incur significant costs.
Organised criminal groups use ransomware and data extortion to make money.10 They do this by stealing and encrypting victims’ data and then demanding a ransom or threatening to the leak the data. In October 2023, 5 Q 2; C&AG’s Report, paras 4, 6 6 C&AG’s Report, paras 6, 22 7 Q 4 8 Qq 4–5 9 Q 5...
Matched on
classifier match
Committee recommendation
49match
#30 - Mandate EU transport operators inform travellers of UK personal import rules by January 2027 deadline.
Regardless of SPS negotiation timings, the Government must not delay the implementation of the requirement for EU transport operators to draw travellers’ attention to UK rules on personal imports of products of animal origin beyond 31 January 2027. (Recommendation, Paragraph 78)
Matched on
classifier match
Committee recommendation
48match
#20 - Twenty-Second Report - Digital transformation in the NHS
In our 2018 report on the WannaCry Cyber-attack on the NHS, we found that the Department and its arm’s-length bodies were unprepared for the relatively unsophisticated WannaCry attack and had a lot of work to do to improve cyber-security for when, and not if, there was another attack.39 We asked how the NHS was ensuring that it had...
Matched on
terms: cyberattack
Committee recommendation
48match
#7 - Legacy IT systems pose significant risks to government AI adoption and cybersecurity.
DSIT told us that it was a matter of urgency that the issue of legacy systems in government is addressed, not only to take advantage of the opportunities offered by AI, but also to address other risks including cyber security vulnerabilities. It emphasised prioritising the “systems that have the most valuable data” and “the highest levels of security...
Matched on
classifier match
Committee recommendation
47match
#6 - Twenty-Fourth - Crossrail: A progress update
A significant software update is needed to begin Trial Operations, which will allow up to 24 trains an hour to run through the central section.10 Any unexpected issues with software may take time to fix and we have reported on previous challenges with software in our Completing Crossrail report.11 The update was expected in Summer 2021 but has...
Matched on
terms: delayed
PFD report
45match
Carol Jennings
The evidence revealed matters giving rise to concern.
Matched on
classifier match
PFD report
45match
Stephen Page
The electronic sensor system provides only a brief, visual CCTV alert without an audible alarm, making it easily missed by operators and risking lost opportunities for intervention.
Matched on
classifier match
Committee recommendation
44match
#8 - Thirtieth Report - Challenges in implementing digital change
The risks associated with legacy systems include that they can be difficult and expensive to support, lack operational resilience for key government services, and be vulnerable to cyber-attack. This exposes government to what is likely to be an uncertain but high level of financial risk from potential operational and cyber-related incidents. Legacy systems need a significant level of...
Matched on
classifier match
HMICFRS recommendation
43match
FRS 2018-19 CoC Recommendations: Cornwall Fire and Rescue Service
Cause of concern: We have serious concerns about Cornwall FRS’s response to incidents. The service consistently doesn’t meet target response times for fires, especially in remote areas served by on-call stations. It is sometimes slow to update mobile data terminals with risk information. Staff often rely on paper records. Staff in the critical control centre aren’t confident in...
Matched on
terms: response
HMICFRS recommendation
43match
FRS 2023-25 CoC Recommendations: Avon Fire and Rescue Service
Cause of concern: The service’s mobilisation system, which records information and dispatches resources to emergency incidents, isn’t reliable and crashes during emergency 999 calls. This unnecessarily delays the mobilisation of resources, which results in the public receiving a slower response to emergencies. Recommendation: By 19 September 2023, the service should develop an action plan to make sure its...
Matched on
terms: response
Committee recommendation
41match
#36 - HMRC acknowledges legacy IT systems and poor data management hinder AI adoption and increase cyber risks.
We asked HMRC whether the age of some of its IT systems were going to make it more difficult to adopt AI. HMRC agreed and considers the “critical thing with AI is making sure you really have a handle on where your data is and that you are managing your data well.” 72 We also asked HMRC about...
Matched on
classifier match
Committee recommendation
41match
#31 - HMRC acknowledges security concerns with third-party Making Tax Digital software, setting strict specifications.
We asked HMRC whether there were potential security concerns that could be posed by the third–party MTD software taxpayers use to submit their tax returns, including whether there were risks to HMRC’s own systems.63 In written evidence provided after our evidence session, HMRC told us it takes security very seriously. It said all data sent to HMRC systems...
Matched on
classifier match
Committee recommendation
40match
#19 - Government Cyber Coordination Centre improves information sharing but remains in early stages.
We asked the Cabinet Office what structures it had in place to share information about cyber security with permanent secretaries and throughout departments.40 The Cabinet Office told us that it had launched the Government Cyber Coordination Centre (GC3) in September 2023, and that this had helped government share information more effectively. The GC3 brings together people from the...
Matched on
classifier match
Committee recommendation
40match
#18 - Departments remain reluctant to share cyber incident information, hindering collective learning.
We asked the Cabinet Office what the impact was when departments did not share information about their cyber incidents. The Cabinet Office agreed that sharing data is essential to learn lessons, understand vulnerabilities, share best practice and work out what has gone wrong. The Cabinet Office reassured us that if departments find any vulnerabilities that could affect other...
Matched on
classifier match
Committee recommendation
40match
#11 - Government's current cyber resilience levels remain inadequate to effectively respond and recover from attacks.
We pressed the Cabinet Office on what assurance it could give us that government was keeping up with the cyber threat.17 The Cabinet Office’s assessment was that there was already a gap in government’s ability to respond and that this might always be the case. It suggested the best approach may be continuously managing and mitigating the risk...
Matched on
classifier match
Committee recommendation
40match
#8 - Nation states pose increasing risk of espionage and disruptive cyber attacks on essential services.
The Cabinet Office highlighted concerns about nation states’ intent to conduct espionage and disrupt essential services.8 It described a campaign of espionage by Russian military intelligence that involved stealing and leaking data, and defacing websites. The Cabinet Office considered disruptive cyber attacks to be an increasing risk. It gave the example of Volt Typhoon, a Chinese state–affiliated group,...
Matched on
classifier match
Committee recommendation
40match
#7 - Government faces rapidly evolving and increasingly sophisticated cyber threats from capable adversaries.
The Cabinet Office told us that we should be extremely worried by the rapidly evolving cyber threat, which is the most sophisticated it has ever been. It explained that over the last three years, government’s adversaries, which include nation states and organised criminal groups, have developed their ‘capabilities’ more rapidly than it expected.7
Matched on
classifier match
LGO / SPSO decision
40match
21-011-288 - London Borough of Hackney
Summary: Mr C complained that the Council failed to take adequate action to control anti-social behaviour by his neighbours in the block where he lives and wrongly refused his application for the ‘community trigger’. The Council was at fault because its out-of-hours noise reporting system was inoperable after a cyber-attack in October 2020. This caused Mr C injustice...
Matched on
classifier match
Committee recommendation
40match
#31 - Over-reliance on limited strategic IT suppliers creates significant cyber security risks.
Based on written evidence, we asked the Cabinet Office about the advantages and disadvantages of relying on a few strategic suppliers.67 The Cabinet Office acknowledged that trying to maximise value for money and interoperability while managing the risks was not straightforward. DSIT added that this was not just a cyber security issue. In July 2024, the major global...
Matched on
classifier match
Committee recommendation
40match
#16 - Departments demonstrate insufficient ownership of cyber risk and hinder information sharing.
Accounting officers in departments are responsible for protecting the security of their organisations and managing their department’s cyber risk, but they have not taken sufficient ownership of this responsibility. Often, membership of departments’ most senior boards does not include a digital expert.31 Some departments have been reluctant to share information about their cyber incidents with other parts of...
Matched on
classifier match
Committee recommendation
39match
#2 - Thirtieth Report - Challenges in implementing digital change
There is no clear plan to replace or modernise legacy systems and data that are critical to service provision but are often old, unsupportable, vulnerable and a constraint on transformation. Legacy systems, some of which date back to the 1970s, are widespread across government, which relies on them for important services such as managing the UK’s borders and...
Matched on
classifier match
Committee recommendation
39match
#19 - Thirty-Second Report - Delivering gigabitcapable broadband
The government’s decision in July 2020 to reduce its dependency on technology originating from certain high-risk vendors could introduce delays and additional expense to nationwide roll-out.61 The Department estimated that the removal of high-risk vendors’ 52 DRB0004 DCMS recall (Broadband), Internet Service Providers’ Association, 4 November, p. 2 and DRB0009 DCMS recall (Broadband), The Independent Networks Co-operative Association,...
Matched on
classifier match
LGO / SPSO decision
38match
21-011-226 - London Borough of Hackney
Summary: Ms B complained that the Council delayed in processing her change of circumstances and she may have missed out on the opportunity to be rehoused in a suitable property as a result. We found the Council delayed in processing Ms B’s change of circumstances between July and September 2020. It also failed to provide a proper housing...
Matched on
terms: delayed
Committee recommendation
36match
#5 - Second Report - The Security of 5G
There is evidence that the UK, and our allies, face many malicious cyber- attacks both from rogue individuals and state-sponsored attacks from states such as Russia and China. These attacks are diverse in their nature and in their aims. Some attacks aim to steal individual data and state secrets whilst others seek to bring down the network in...
Matched on
classifier match
Committee recommendation
36match
#30 - Government faces complex challenges managing cyber security risk within its supply chain.
We asked the Cabinet Office how Government managed the cyber security of its supply chain. The Cabinet Office told us that managing supply chain risk was complex and difficult. Government’s supply chain has been the source of incidents with serious consequences for individuals, such as the ransomware attack on the supplier of NHS pathology services, Synnovis. The Cabinet...
Matched on
classifier match
Committee recommendation
36match
#22 - Collaborate with platforms to identify and track disinformation actors and their online spreading techniques.
Foreign interference and disinformation campaigns, with use of technology such as bots and AI, put UK citizens at risk. The possibility that some of the divisive messages and deceptive content spread by users—and amplified by algorithms—last summer were part of such an influence operation is deeply concerning. In order to tackle amplified disinformation, identified by Principle 1, the...
Matched on
classifier match
NAO recommendation
36match
Lessons learned: tackling fraud and protecting propriety in government spending during an emergency
p) We recommend the Central Digital and Data Office work with departments and the Public Sector Fraud Authority to extend the remit of the essential shared data assets plan to: Consider what data-sharing arrangements could be set up now. In an emergency, public bodies may not have time to agree data-sharing protocols.
Matched on
classifier match
LGO / SPSO decision
36match
24-013-245 - London Borough of Hackney
Summary: The complainant, X, complained that a Cyber Attack on the Council’s systems meant they were unable to pay Council Tax at the time. X was billed for Council Tax during the financial year and so the Council’s offer of a payment plan is reasonable. There was fault, as the Council failed to tell X of the right...
Matched on
classifier match
Committee recommendation
35match
#22 - Twenty-Ninth Report - The National Law Enforcement Data Programme
The Department also confirmed that there had been an outage earlier this year, which was due to a problem with network availability and the ‘wider PNC ecosystem’ in its Hendon data centre, affecting the ability of the police to access the PNC.42 It said it was investing significantly in this ecosystem to make sure the issue with not...
Matched on
classifier match