Cyberattacks on public institutions are becoming more frequent and sophisticated, and with our reliance on technology, the stakes have never been higher. According to the UK Government’s Cyber Security Breaches Survey 2024, half of businesses (50%) and around a third of charities (32%) experienced cyber breaches or attacks last year. Given the scale of these attacks, it is no surprise that government bodies, which hold vast amounts of highly sensitive data, are also attractive targets.
Cybercriminals can exploit vulnerabilities in public sector IT systems and processes to target them with phishing scams, distributed denial of service (DDoS) attacks, ransomware and more. Sensitive data including personal records, financial details, and classified intelligence are valuable to cybercriminals, making public institutions prime targets for data theft and ransomware.
In addition to this, geopolitical tensions mean that attacks aimed at disrupting the availability of critical systems are also commonplace. For instance, the attack on the British Library in October 2023, which impacted digital services for months and had an estimated direct cost of £600,000 is just one example of how damaging these incidents can be.
Incident response consultant at Systal.
The true cost of cyberattacks: more than just money
The financial impact of cyberattacks on government bodies can be staggering. In 2023, UK organizations spent an average of £1,100 per cyberattack, but for public institutions, the costs can be far greater. The 2025 NAO report on Government Cyber Resilience highlights how these attacks not only disrupt essential services but also lead to huge multifaceted costs including initial response, regulatory fines, recovery, litigation, and in some cases, ransom payments.
The financial impact isn’t the only problem. Cyberattacks also erode public trust which can prove to also be costly, especially in today's volatile political climate. When government agencies fail to protect personal data or ensure services continue running smoothly, confidence in public institutions undoubtedly takes a hit.
Rebuilding that trust can take years, and in the meantime, the British public may become wary of engaging with digital government services. This would ultimately make public services less efficient and more costly to run.
Outdated systems, outdated defenses and the cyber skills gap
One of the biggest challenges in tackling cyber threats in the UK is the cybersecurity skills shortage. The UK Government’s Cyber Security Skills in the UK Labour Market 2024 report found that nearly half (44%) of businesses have skills gaps in basic technical areas. Public institutions, which often work within tight budgets, can struggle to attract and retain cybersecurity professionals, leaving them vulnerable to attacks.
At the same time, many government bodies are still relying on outdated IT systems. The same 2025 NAO report found that 228 legacy systems that lack security patches are still in use across government agencies, with 53% (120 systems) having no fully funded plan for replacement or upgrades.
Many of these systems operate on outdated software that no longer receives security updates, making them easy targets for hackers. While replacing these systems is costly and complex, failing to do so only increases the risk of future cyber incidents.
Bridging the gap
Tackling these cybersecurity challenges requires investment, but being proactive is far more cost-effective long-term than constantly firefighting cyber breaches. Another key priority is improving incident response capabilities.
Cyberattacks are not just a possibility but an inevitability, and government agencies must be equipped to detect and rapidly respond to threats. Investing in advanced monitoring systems, real-time threat intelligence sharing, and dedicated incident response teams can significantly reduce the impact of cyberattacks, ensuring that disruptions are minimized, and services can quickly recover.
Increasing government funding and strategic planning for cybersecurity is also crucial. Cybersecurity cannot be treated as an afterthought, it must be a core component of government budgets and long-term strategy. Allocating sufficient resources for risk assessments, cybersecurity training, and continuous upgrades to IT infrastructure will ensure that public services remain secure and resilient against evolving threats.
Addressing the cyber skills gap is another fundamental aspect of strengthening the cybersecurity of UK Public Services. The shortage of skilled professionals means many public sector organizations lack the expertise needed to defend against and recover from cyberattacks.
The government must take action to attract and retain cybersecurity professionals by offering competitive salaries, investing in robust training programs, and promoting cybersecurity careers within the public sector. Additionally, upskilling existing employees with cybersecurity training can help build a more resilient internal security workforce, reducing the reliance on external expertise.
Securing the UK’s public services
The increasing threat of cyberattacks on UK public services cannot be ignored. With financial losses increasing, public trust on the line, and outdated IT systems creating massive vulnerabilities, there is an urgent need for action. By modernizing IT infrastructure, strengthening incident response, increasing funding, and addressing the cyber skills gap, the UK government can safeguard public services against cyber threats.
Failing to act now will only lead to greater costs, more disruptions, and an even more vulnerable public sector. Therefore, cybersecurity must be a top priority to protect public services, data, and finances from an ever-growing digital threat.
We've featured the best encryption software.
This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.