Britain’s schools and hospitals are “very likely” to suffer a “large-scale loss or hijack” of their websites, the government has admitted.
Officials have said that the internet domains of public sector websites are particularly vulnerable to being exploited by “hostile actors”.
A hack could lead to a “significant loss of information and reputation”, officials concluded.
The Department for Science, Innovation and Technology (DSIT) also said it was “likely” not to be prepared for a significant cyberattack that could “potentially contribute to a national crisis”.
A survey by the department has shown that 60 per cent of secondary schools had faced cybersecurity breaches or attacks in the last year, compared with about 40 per cent for an average business.
Just under a fifth of secondary schools said their accounts or systems were compromised and used for illicit purposes.
The NHS has also faced a series of damaging cyberattacks. Last year, doctors at two big hospital trusts in London were forced to cancel all elective inpatient procedures and admissions after a lab that processes pathology tests was hacked.
Richard Horne, the chief executive of the National Cyber Security Centre, said last month that freely available advice on cybersecurity was not being followed adequately
MATTHEW HORWOOD FOR CYBERUK/GETTY IMAGES
Government security experts have warned that the increasing sophistication of artificial intelligence will make cyberattacks more likely.
Richard Horne, the chief executive of the National Cyber Security Centre, wrote in a letter to The Times in May that organisations “must operate in a way that minimises the risks”, adding that freely available advice is “not being followed nearly enough across the UK”.
GCHQ has warned of a growing threat from hacktivists — such as the Holy League — aligned to Russian and Iranian intelligence agencies, who increasingly seek to target critical, national infrastructure systems in an attempt to sow societal unease.
Earlier this year, hackers claimed to have carried out simultaneous attacks on the websites of the British Army, Royal Navy and Office for Nuclear Security.
In January, the signing of a 100-year partnership between Britain and Ukraine prompted a wave of attacks from a Holy League member, NoName057(16), against several local councils, the North East Combined Authority and National Highways.
GCHQ analyses and sometimes disrupts the communications of the UK’s adversaries and monitors the nation’s cybersecurity
TIMES PHOTOGRAPHER RICHARD POHLE
A government spokesman said: “We have always been clear with the public that the cyberthreats we face are sophisticated, relentless, and costly.”
Ministers are introducing the Cyber Security and Resilience Bill to parliament this year, which would compel more organisations to meet new cybersecurity requirements.
The Home Office has said it will ban all public sector bodies and those responsible for critical national infrastructure from making ransomware payments.
The DSIT annual report laid several other risks it considered “likely” to happen, including that the department is “insufficiently prepared to play our role in responding to major incidents”.
The risk that hostile actors take advantage of the transparency of research and development work supported by the government was also categorised as “likely”, as was “unintended technical issues” affecting the suite of government apps and websites which have seen significant updates in recent years.
The department also said it was “possible” that several universities go bankrupt and shut down, affecting the country’s capacity for top research.
