The UK government has claimed it has reduced its backlog of critical vulnerabilities by 75% and reduced cyber-attack fix times by 87%.
Serious security weaknesses in public sector websites are fixed six times faster, cutting the average time from nearly two months to just over a week, the UK government said in an update published on 26 February.
According to the official statement, the progress comes following the introduction of a specialist government vulnerability monitoring service (VMS), which came about as part of the blueprint for modern digital government policy paper published on January 21.
The VMS is a Department for Science, Innovation and Technology (DSIT) service which uses both commercial and proprietary scanning tools in public sector internet-facing assets.
The vulnerabilities the government is specifically tackling are Domain Name System (DNS) issues which can allow attackers to redirect users to fraudulent sites, steal sensitive data, or take services offline entirely.
Read more: UK’s Cyber Service for Telcos Blocks 1 Billion Malicious Site Attempts
The government admitted that before the VMS was in place, a weakness in a government DNS record could go unnoticed for nearly two months.
The vulnerability monitoring service has closed this window down to eight days, according to the government update. It alerts the right people with clear, practical guidance on how to fix the problem, and tracks progress until each issue is resolved.
The VMS continuously scans 6000 UK public sector bodies, detecting around 1000 different types of cyber vulnerabilities.
Government to Attract Cyber Talent to Keep UK Safe Online
Minister for Digital Government Ian Murray also launched a new government Cyber Profession initiative to attract and develop cyber talent.
The Cyber Profession initiative is co-branded with DSIT and the UK’s National Cyber Security Centre (NCSC).
It will introduce a competitive total employee offer, establish a dedicated Cyber Resourcing Hub to streamline recruitment, and create a clear career framework aligned with UK Cyber Security Council professional standards.
Cyber Profession will also include a government Cyber Academy for training and development, a new apprenticeship scheme to build future talent and structured career pathways to strengthen long-term capability across the public sector.
The North West will serve as a primary hub for the profession, building on Manchester’s growing digital ecosystem and the forthcoming government Digital Campus.
“As our public services continue to innovate, it is vital that they remain resilient to evolving threats and vulnerabilities are being effectively managed to reduce the chances of disruption.
“The government Cyber Action Plan is a crucial step in building stronger cyber defenses across our public services and the launch of the government Cyber Profession today will help attract and retain the most talented professionals with the top-tier skills needed to keep the UK safe online.”
The UK government in the Cyber Action Plan, launched on 6 January 2025, has earmarked £210m ($285m) for investment in the improvement of government cybersecurity standards.
