Houses of Parliament blocks more than 46 million email attacks over three years

Data shows upwards trajectory in scale of cyberattacks

Image: FOI data reveals remorselessness of cyberattacks on parliament

Data revealed under the Freedom of Information Act illustrates the remorseless nature of the threat that UK government agencies face from cyberattacks.

The Houses of Parliament have intercepted and rejected over 46 million email attacks in the past three years as part of ongoing efforts to protect their network from escalating cyber threats, according to research.

The findings were revealed under the Freedom of Information Act (FOI) and analysed by the Parliament Street think tank, which examined the number of phishing, malware and spam attacks blocked by the Houses of Parliament.

Between November 2023 and October 2024, 17,221,783 emails were rejected, a significant increase on the 14,461,749 emails rejected in the 2021-2022 period.

Email continues to be a major source of cybercrime, for the simple reason that it is an easy and effective path into an organisation. According to Verizon, last year, 94% of ransomware was delivered via email.

Alfie Scarborough, CEO of adCAPTCHA, said: “No organisation is safe from security threats, with malicious cybercriminals targeting sensitive personal details and policy data for high-ranking public officials. Bot networks are often the entry point for email attacks, infiltrating IT systems, and with bot networks accounting for half of global internet traffic, it’s vital that these threats are taken seriously.”

Parliament clearly does take these threats seriously, but the data illustrates the remorseless upward trajectory of cyberattacks on local and national government infrastructure. The Joint Committee on National Security Strategy (JCNSS) reported at the end of 2023 on what it considered to be the lack of preparedness of the public sector in the UK for a significant ransomware attack. The report said:

"If the UK is to avoid being held hostage to fortune, it is vital that ransomware becomes a more pressing political priority, and that more resources are devoted to tackling this pernicious threat to the UK's national security."

The last known successful cyberattack on parliament was in 2017, but there have been numerous successful attacks on government departments such as the Ministry of Defence, local government, schools, police forces and even the Electoral Commission. The agencies tasked with detection, response and recovery from ransomware attacks remain under-resourced and lack the necessary capability.

The Home Office launched a consultation on ransomware last week, a move greeted positively by the JCNSS. One aspect of the consultation is a possible ban on all public sector bodies and operators of critical national infrastructure making payments to ransomware operators.

Andy Ward, SVP International of Absolute Security, said: "These findings highlight the increasing scale and sophistication of email-based cyber threats, with cybercriminals relentlessly targeting these institutions to exploit vulnerabilities. Successfully breaching these systems could grant access to critical networks, sensitive government communications, and national security data, amplifying the consequences of an attack."

Patrick Sullivan, Chairman of the Parliament Street think tank, warned: “The UK is under siege from overseas, with nation-state backed attacks bombarding our IT systems.

“The Serjeant-at-Arms and Parliamentary security team should be on high alert, upping resources and defending against these threats which won’t be slowing down any time soon. All the focus is on artificial intelligence, but the government and the NCSC need to take notice and shut down these incoming attacks rather than getting side tracked. Anything less would be negligence and daring the next big cyber-attack to happen.”
