Cabinet Office increases cyber spending by almost 500 per cent

Report comes amidst CCTV leaks that exposed security issues plaguing Whitehall

The Cabinet Office has spent more than £300,000 on cyber training courses for its staff over the last two years.

That's according to the Parliament Street think tank, which obtained the data through a Freedom of Information (FOI) request. The request showed that the Cabinet Office spent £274,142 on training courses covering ethical hacking, digital forensics and cyber security in the 2020-21 financial year.

That is up 483 per cent, from the £47,018 spent on cyber training in the previous financial year.

In total, the Office has spent about £321,161 over the two-year period, according to official figures.

Cabinet Office staff attended 428 separate cyber training courses in FY 20-21, compared to 35 such courses in FY 19-20, the figures revealed.

The most popular course was the NCSP Foundation e-Learning course, with 332 bookings. This introductory level course teaches employees how to identify and respond to cyber attacks.

Second was the Foundation Certificate in Cyber Security. It was attended by 33 staffers in the last financial year.

Other courses included training in the art of hacking (12 employees), Certified Lead Auditor (four employees), Digital Forensics Fundamentals (two employees), CyberSec First Responder (one employee) and ethical hacking (one employee).

The findings come days after leaked CCTV footage of former Health Secretary Matt Hancock showed him mid-embrace with his aide Gina Coladangelo.

The footage is thought to have been leaked by an unknown whistleblower. Hancock has since resigned, having been replaced as Health Secretary by Sajid Javid.

Javid said on Monday that the mysterious CCTV camera inside the departmental office, apparently hidden inside a smoke detector, had been removed.

The government has said it will investigate how the camera came to be placed, and how the footage was leaked in an apparent security breach.

"I haven't disabled the camera that you are talking about, but it has been disabled by the department," Javid told reporters.

Commenting on Cabinet Office's cyber spending, security expert Andy Harcup, senior director at Gigamon, said: "The Cabinet Office is tasked with managing some of the most sensitive data imaginable, so increasing cyber training and resources is a wise move, particularly with hackers relentlessly targeting government departments."

Harcup stressed that big organisations with overstretched IT staff require complete visibility in order to manage complex cloud environments as well as tracking security threats to keep critical data safe.

Security specialist Edward Blake, Area Vice President EMEA, Absolute Software, stated that in addition to training staff, the government must also take steps to ensure that government devices containing sensitive data are properly protected, so they can be tracked, wiped or frozen in the event of loss or theft.

"Additionally, staff should be urged to report incidents of data loss or suspected hacking with immediate effect so action can be taken to recover or remedy the situation," he added.