Spending has dramatically increased on cybersecurity training for staff charged with supporting the prime minister and his cabinet, with a year-on-year rise of 483%.
The Cabinet Office, headed by Michael Gove, booked 428 separate cyber training courses at a total cost of almost £275,000 in the most recent financial year (FY 20-21), compared to just 35 (£47,018) in FY 19-20.
The figures, obtained by the Parliament Street think tank, were revealed just as ministers ordered an urgent search of their offices in the wake of the security breach that saw former health secretary, Matt Hancock, unknowingly filmed in his office.
In a related move, Sir Lindsay Hoyle, the speaker of the House of Commons, ordered a security review of parliament.
“Far too many public sector organisations continue to operate without full visibility into network traffic, making it harder to spot hostile threats and take action before the damage is done,” said cyber expert, Andy Harcup, senior director at Gigamon.
“The Cabinet Office is tasked with managing some of the most sensitive data imaginable, so increasing cyber training and resources is a wise move, particularly with hackers relentlessly targeting government departments.”
From the archive: Today’s gamers can be the cybersecurity stars of tomorrow
The course most utilised by Cabinet Office staff was, by a distance, NCSP Foundation e-Learning, with 332 bookings for introductory training on how to prevent, detect and respond to cyber-attacks.
Other courses undertaken included training in the art of hacking, digital forensics, ethical hacking and – with 33 takers, the second most popular offering – a foundation certificate in cybersecurity.
“It’s encouraging to see the government levelling up its cyber defences, particularly at a time when recent CCTV leaks are raising fresh questions about security standards across Whitehall,” said security specialist Edward Blake, area vice president EMEA, Absolute Software.
“In addition to training staff with the latest cyber skills, it’s also critical to ensure government devices containing confidential data are properly protected, so they can be tracked, wiped or frozen in the event of loss or theft.
“Additionally, staff should be urged to report incidents of data loss or suspected hacking with immediate effect so action can be taken to recover or remedy the situation.”
Blake was speaking shortly before a member of the public reported finding a “soggy heap” of classified Ministry of Defence papers left at a bus stop in Kent.