Public services relied on by millions, including the NHS, the Legal Aid Agency, and thousands of other government‑run systems, are becoming significantly safer thanks to major improvements in detecting and fixing cyber threats, according to new government data.
A specialist government‑run vulnerability monitoring service, introduced through the Blueprint for modern digital government published in January 2025, has reduced the average time to fix serious Domain Name System security weaknesses from nearly two months to just eight days.
DNS helps users reach legitimate websites safely. Weaknesses in DNS settings can enable attackers to redirect users to fraudulent sites, steal sensitive data or disrupt essential services – posing risks for anyone accessing government platforms.
Before the new system was introduced, a DNS vulnerability could go unnoticed for around 50 days – long enough for a hostile actor to hijack traffic meant for GP booking systems, ambulance services, or legal support. Today, the VMS detects and escalates the same issues six times faster.
Speaking at the annual Government Cyber Security and Digital Resilience Conference, Digital Government Minister Ian Murray confirmed that the government has reduced its backlog of unresolved vulnerabilities by 75%, sharply shrinking the window in which cyber criminals could target essential public services.
The VMS now:
- Scans more than 6,000 public sector bodies
- Detects around 1,000 types of cyber vulnerabilities
- Alerts organisations with specific, actionable guidance
- Tracks each issue until fully resolved
- Processes and resolves around 400 confirmed vulnerabilities per month
This includes improvements not only to DNS issues but to a wider range of cyber weaknesses. Median fix times for non‑DNS vulnerabilities have fallen from 53 days to 32 days.
To further boost resilience, the government is launching the first‑ever dedicated government Cyber Profession, co‑branded with the Department for Science, Innovation and Technology and the National Cyber Security Centre.
The new profession will introduce:
- A competitive employment offer for cyber experts
- A Cyber Resourcing Hub to streamline recruitment
- A clear career framework aligned with UK Cyber Security Council standards
- A new government Cyber Academy for training and development
- A specialist cyber apprenticeship scheme for growing future talent
- Structured long‑term pathways to build capability across the public sector
Ian Murray, Minister for Digital Government, said:
“Cyber-attacks aren’t abstract threats — they delay NHS appointments, disrupt essential services, and put people’s most sensitive data at risk. When public services struggle it’s families, patients and frontline workers that feel it.
“The vulnerability monitoring service has transformed how quickly we can spot and fix weaknesses before they’re exploited so we can protect against that. We’ve cut cyber-attack fix times by 84% and reduced the backlog of critical issues by three quarters. And as the service expands to cover more types of cyber threats, fix times are falling there too.
“But technology alone isn’t enough. Today I’m launching a new government Cyber Profession to attract and develop the talented people we need to stay ahead of increasingly sophisticated threats - making government a destination of choice for cyber professionals who want to protect the services that matter most to people’s lives.”
The North West – particularly Manchester – will serve as a primary hub, building on the region’s expanding digital ecosystem and the upcoming government Digital Campus. The government says these reforms mark a decisive step in protecting frontline services from disruptive cyber activity that can affect GP surgeries, local government bodies, and NHS trusts.
By significantly reducing the time that vulnerabilities remain open, the government is helping ensure services millions depend on can operate safely and reliably.
Image credit: iStock
