The Cabinet Office has splashed £274,142.85 on cyber security training for staff in the most recent financial year (FY 20-21) – a 483 per cent increase on the £47,018 in the previous year (FY 19-20), according to official figures. The total spend over the two year period was £321,161.66.
The data, obtained by the Parliament Street think tank using Freedom of Information (FOI) legislation, is revealed amidst a series of security issues plaguing Whitehall, including CCTV of former Health Secretary Matt Hancock and his mistress in a passionate clinch being leaked by an unknown whistleblower.
The Cabinet Office, which is run by Michael Gove MP, and his close team of special advisers, is responsible for supporting the Prime Minister and Cabinet of the UK.
The full FOI response included a complete breakdown of the courses attended by Cabinet Office staff and revealed that 428 separate cyber training courses were booked in FY 20-21, compared to just 35 in FY 19-20.
By far the most popular course, which received 332 bookings, was for NCSP Foundation e-Learning – this course provides introductory level training on how to prevent, detect and respond to cyber-attacks.
The second most popular course was for a Foundation Certificate in Cyber Security, attended by 33 staffers in FY 20-21. 33 employees also attend this course in FY 19-20.
Some other cyber training courses attended in FY 20-21 included training in ‘the art of hacking’, attended by 12; ‘digital forensics fundamentals’, attended by two; ‘ethical hacking’, attended by one. Also, four staffers underwent training to become a certified Lead Auditor, and one joined a ‘CyberSec First Responder’ course.
Cyber expert Andy Harcup, senior director at Gigamon, said: “The Cabinet Office is tasked with managing some of the most sensitive data imaginable, so increasing cyber training and resources is a wise move, particularly with hackers relentlessly targeting government departments. However, far too many public sector organisations continue to operate without full visibility into network traffic, making it harder to spot hostile threats and take action before the damage is done. Large organisations with overstretched IT teams require complete visibility in order to manage complex cloud environments as well as identifying security threats to keep critical data safe, so taking action in this area must be a top priority.”