Just £648m is left from the £1.3bn allocated to National Cyber Security Programme, which runs from 2016-21, the National Audit Office pointed out in a report released today.
The programme was set up to deliver the government’s National Cyber Security Strategy, which was given a total of £1.9bn and is made up of 12 goals to be reached by 2021. £1.3bn of the total fund was given the National Cyber Security Programme.
The NAO said that of the government’s 12 strategic outcomes the Cabinet Office – coordinating the programme - now “only expects to achieve one by 2021”.
This is “partly due to the complex and evolving cyber threat” but also because the Cabinet Office did not “undertaken work to assess whether the £1.9 billion of funding was ever sufficient to achieve the strategy’s strategic outcomes”.
The NAO report said: “Consequently, the department has stated that it may take longer than 2021 to address all the complex cyber security challenges set out in the strategy, although it is yet to determine when the remaining strategic outcomes might be achieved.”
Part of the problem stems from the Cabinet Office’s failure to produce a business case for the programme before it was launched meaning that the Treasury “had no way to assess how much money it would need,” the report said.
Amyas Morse, head of the NAO, said: “Improving cyber security is vital to ensuring that cyber-attacks don’t undermine the UK’s ability to build a truly digital economy and transform public services.
“The government has demonstrated its commitment to improving cyber security. However, it is unclear whether its approach will represent value for money in the short term and how it will prioritise and fund this activity after 2021.”
Meg Hillier, chair of the Public Accounts Committee, said: “Government’s £1.3 billion flagship cyber security programme is yet another example of an important government programme launched without getting the basics right.
“The increasing cyber threat faced by the UK, and events such as the 2017 WannaCry attack, make it even more critical that the Cabinet Office take immediate action to improve its current programme and plan for safeguarding our cyber security beyond 2021.”
A Cabinet Office spokesperson said: “The UK is safer since the launch of our cyber strategy in 2015. We have set up the world leading National Cyber Security Centre, taken down 140,000 scam websites in the last year, and across government have helped over a million organisations become more secure.”
They added: “We recognise that there is always more to do.”