May 14th 2025
A new report from the Public Accounts Committee (PAC) – a group of MPs who check how public money is spent – has raised concerns about the UK government’s ability to protect essential public services from cyber attacks. The report warns that many government departments are not doing enough to prepare for cyber threats, and that serious gaps in leadership, staffing and outdated IT systems are leaving services vulnerable.
However, the Department of Health and Social Care (DHSC) is highlighted in the report as a positive example of what’s possible. The PAC says other government departments could learn from the progress made in health and social care.
Positive steps from the Department of Health and Social Care
The report praises the DHSC for taking cyber security seriously and for supporting the Government Cyber Security Strategy 2022–2030. This is a long-term plan to help public services, including the NHS and adult social care, become more resilient to cyber attacks.
The DHSC also helped to set up the Government Cyber Coordination Centre (GC3) in 2023. This centre helps public sector organisations to share information about cyber threats and to learn from each other. This kind of collaboration makes it easier to spot risks and take action quickly if something goes wrong.
Tackling the shortage of cyber experts
One of the challenges across government is a shortage of skilled cyber professionals. The DHSC has taken steps to grow its own digital and cyber workforce – it now employs around 23,000 digital staff, which is about 6% of the total civil service workforce.
The department is also investing in career pathways, such as the cyber “fast stream” for graduates and the “TechTrack” apprenticeship programme. These are designed to attract new talent into the sector.
The report also notes that the DHSC is working to make the cyber workforce more diverse. At present, only 20% of cyber professionals are women. The department is taking steps to improve this and to make the field more inclusive.
Making cyber a priority for senior leaders
The PAC also praises the DHSC for making sure that cyber risks are taken seriously by senior leaders. The department has made sure that its board-level teams include digital and cyber experts. This means that cyber security is considered when key decisions are made – not just treated as a technical issue.
There’s also a strong focus on learning from incidents. The DHSC is encouraging organisations to share experiences when things go wrong, so that others can avoid the same mistakes.
The report is clear that challenges remain – especially when it comes to replacing old IT systems and keeping up with the speed of change in cyber threats. But it also says the DHSC is on the right path and is leading the way for other parts of government.
What this means for care providers
For adult social care providers, this is an important reminder of why cyber security matters. Cyber attacks can put sensitive personal data at risk, disrupt care delivery, and affect people’s safety and wellbeing. The work being done by the DHSC helps to protect the services that people rely on every day.
For practical advice on how to improve cyber security in adult social care, visit our cyber security guidance, and complete your Data Security and Protection Toolkit at least once a year. Deadline for 2024/25 is 30 June 2025.
View all News