The Cabinet Office has increased its funding for staff cybersecurity training by 483% in the last year, according to data obtained by the Parliament Street think tank.
£274,142.85 was spent on cybersecurity training for staff in the 2020-21 financial year.
Only £47,018 was spent during the same time period in the previous year, as revealed by official figures obtained using Freedom of Information (FOI) legislation.
The findings are revealed amidst a series of security issues plaguing Whitehall, including CCTV of former Health Secretary Matt Hancock and his mistress in a passionate clinch being leaked by an unknown whistleblower.
Hancock resigned following the leaked footage and The Guardian reported that the Information Commissioner’s Office (ICO) has raided the homes of two people linked with the leak.
Additionally, the House of Commons has pushed through over 2,600 out of 3,000 members of staff through cyber training following the Hancock CCTV leaks.
Matt Hancock himself came under even further scrutiny following the scandal, when it was reported in June that his use of a a private email account to conduct government business may have exposed the government to cyber risk.
RELATED: KPMG launches Cyber Security Academy for NI graduates
The Cabinet Office, which is run by Michael Gove MP and his close team of special advisers, is responsible for supporting the Prime Minister and Cabinet of the UK.
The full FOI response included a complete breakdown of the courses attended by Cabinet Office staff and revealed that 428 separate cyber training courses were booked in between April 2020 and April 2021, compared to just 35 the prior year.
By far the most popular course, which received 332 bookings, was for NCSP Foundation e-Learning – this course provides introductory level training on how to prevent, detect and respond to cyber-attacks.
RELATED: 34% of UK companies close due to ransomware
The second most popular course was for a Foundation Certificate in Cyber Security, attended by 33 staffers in the last year. 33 employees also attend this course between 2019 and 2020.
Some other cyber training courses attended in FY 20-21 included training in ‘the art of hacking’, attended by 12; ‘digital forensics fundamentals’, attended by two; ‘ethical hacking’, attended by one. Also, four staffers underwent training to become a certified Lead Auditor, and one joined a ‘CyberSec First Responder’ course.
RELATED: Allstate NI offers free cyber safety training for older adults
Cyber expert Andy Harcup, senior director at IT security firm Gigamon, said that "increasing cyber training and resources is a wise move", as the Cabinet Office is tasked with managing some of the nation's most sensitive data.
"However, far too many public sector organisations continue to operate without full visibility into network traffic, making it harder to spot hostile threats and take action before the damage is done," he added.
Large organisations with overstretched IT teams require complete visibility in order to manage complex cloud environments as well as identifying security threats to keep critical data safe, so taking action in this area must be a top priority.”
Security specialist Edward Blake is a vice preseident at Absolute Software.
He added that as well as cyber upskilling, “it’s also critical to ensure government devices containing confidential data like laptops are properly protected, so they can be tracked, wiped or frozen in the event of loss or theft.
"Additionally, staff should be urged to report incidents of data loss or suspected hacking with immediate effect so action can be taken to recover or remedy the situation," he noted.
