LONDON, Jan 29, 2025 (BSS/AFP) - The threat posed to the UK government by cyber crime is "severe and advancing quickly", with a shortage of cyber skills and aging IT systems among issues of concern, a watchdog warned Wednesday.

"To avoid serious incidents, build resilience and protect the value for money of its operations, government must catch up with the acute cyber threat it faces," said Gareth Davies, head of the National Audit Office which produced the report.

"The government will continue to find it difficult to do so until it successfully addresses the long-standing shortage of cyber skills, strengthens accountability for cyber risk and better manages the risks posed by legacy IT," he added.

The watchdog found more than 50 percent of positions in several departments' cyber security teams were vacant in 2023/24.

At least 228 out-dated IT systems were also in use as of March 2024, with officials unable to assess how vulnerable they might be to attack.

Geoffrey Clifton-Brown, head of a cross-party committee of MPs, has said public services had been left "exposed" because the government response had "not kept pace" with the evolving cyber threat.

The watchdog's report "must serve as a stark wake-up call to government to get on top of this most pernicious threat," he said.

The National Cyber Security Centre managed 430 cyber incidents between September 2023 and August 2024, of which 89 were deemed to be "nationally significant".

Officials said last year an international operation led by UK and US law enforcement had severely disrupted "the world's most harmful cybercrime group", the Russian-linked ransomware specialist LockBit.

LockBit and its affiliates have targeted governments, major companies, schools and hospitals, causing billions of dollars of damage and extracting tens of millions in ransoms from victims.

Their targets included Britain's Royal Mail, US aircraft manufacturer Boeing, and a Canadian children's hospital.

In January 2023, US law enforcers shut down the Hive ransomware operation which had extorted some $100 million from more than 1,500 victims worldwide.

In June 2024, a cyber attack on service supplier Synnovis hit blood transfusions, and hundreds of appointments and operations were cancelled at two of the UK's biggest hospitals -- King's College Hospital and Guy's and St Thomas' in the centre of the British capital.