The UK’s Cabinet Office increased its cyber security training budget to £274,142.85 in the fiscal year 2021 – a 483% increase from the £47,018 spent in the previous year.
That's according to new findings from the Parliament Street think tank, which obtained the information using a Freedom of Information (FOI) request.
In its FOI response, the Cabinet Office detailed the cyber security courses attended by its staff, revealing that the number of booked courses grew from 35 in 2019-20 to 428 in the current fiscal year.
Most employees attended the introductory level training on how to prevent, detect and respond to cyber attacks provided by the NCSP Foundation e-Learning, which received 332 bookings. Others included the Foundation Certificate in Cyber Security, attended by 33 staffers, ‘the art of hacking’ which was attended by 12, and the ‘digital forensics fundamentals’ attended by two staffers.
However, only one Cabinet Office employee attended the ‘ethical hacking’ course. More interest was shown in becoming a certified Lead Auditor, with four staffers attending a ‘CyberSec First Responder’ course.
Parliament Street’s findings come days after CCTV footage of Health Secretary Matt Hancock and aide Gina Coladangelo was leaked to the press. The footage showing the two co-workers in a passionate embrace is thought to have been leaked by an unknown whistleblower, which has led to a potential ICO investigation. Hancock has since resigned, having been replaced as Health Secretary by Sajid Javid.
Owning your own access security
The key to building strong cloud security and avoiding the risk of vendor lock-in
Commenting on the spending, security specialist Edward Blake said that “it’s encouraging to see the government levelling up its cyber defences, particularly at a time when recent CCTV leaks are raising fresh questions about security standards across Whitehall”.
“In addition to training staff with the latest cyber skills, it’s also critical to ensure government devices containing confidential data like laptops are properly protected, so they can be tracked, wiped or frozen in the event of loss or theft. Additionally, staff should be urged to report incidents of data loss or suspected hacking with immediate effect so action can be taken to recover or remedy the situation,” he added.
