Research from Bridewell has shown that management of Cloud cybersecurity is the chief challenge for UK central government organisations. Given the vast amount of sensitive information these organisations hold, data protection and privacy emerged as the second biggest concern, followed by regulatory compliance. The study, ‘Cyber Security in Government: 2025’, also highlights the complexities of managing large data sets and legacy technologies combined with a lack of resource, budget and specialist talent.
The study surveyed UK central government organisations as part of Bridewell’s wider ‘Cyber Security in Critical National Infrastructure: 2025’ report. It highlights the sector’s greatest cyber security challenges and how government organisations are adapting to the evolving threats posed by AI and nation-state threats.
The main findings include:
Managing Cloud cybersecurity presents complex challenges
Managing Cloud cybersecurity has emerged as the main challenge for government organisations to contend with, according to 42% of respondents. This challenge comes amid a continued push towards Cloud adoption across government departments under initiatives such as the Unity programme, moving core ERP, HR, and finance systems online.
Meanwhile, data protection and privacy remain key concerns, with over a third (37%) of respondents expressing worry in this area. This is expected given the longstanding concerns around the vast volumes of sensitive and confidential data held by the government.
Response times to ransomware events have nearly doubled
The average response time for ransomware attacks within the government sector is 11.32 hours which has increased significantly compared with last year’s report, where respondents claimed it took fewer than six hours to respond to an incident. This is concerning when taking into consideration that ransomware remains the biggest type of cyber attack facing government entities.
This year’s report also found that data theft or disclosure incidents had the longest average response time among cyber events, with a response time of 11.38 hours.
Nation-state threats remain a top concern
When asked about the level of concern regarding future events and nation state threats in 2025, 82% of respondents admitted that Russia state-linked actors are the biggest concern. In recent months, there has been an uptick in Russian-linked groups targeting CNI globally. For example, in February 2025 Microsoft identified a campaign targeting governments, NGOs and critical infrastructure, carried out by a Russian aligned threat group dubbed Storm-2372.
Overall, the key concerns identified state-linked actors (China state-linked actors 79%, Iran state-linked actors 69% and North Korea state-linked actors 66%). However, other unpredictable global events, like a global health crisis (73%), proved a significant concern for respondents.
AI botnets emerge as significant attack vector
AI threats within the sector are still at the forefront of the mind for government organisations, as over eight in 10 (83%) respondents claim they are most concerned about AI botnets. This could have been driven by the recent warning issued by the National Cyber Security Centre (NCSC) about the Flax Typhoon Group in China using a company to manage a global botnet of 260,000 compromised devices.
Over half of organisations outsource MDR services for OT cyber security
Government entities often outsource the cyber security of OT systems to contend with emerging threats and manage complex environments. In terms of the areas most outsourced, the survey found that over half of respondents have said they fully or partially outsource digital forensics and incident response (52%) and managed detection response (55%). In addition, half of respondents within the sector outsource their SOC, vulnerability management and cyber security audits.
AI-driven attacks cause rising concern for OT professionals
The most frequently cited significant threats to OT environments are AI and machine-learning based, as 31% of respondents expressed concerns. But 29% highlighted remote access as a significant threat, while 26% identified malware, phishing and ransomware.
Skills shortages and budget constraints remain ongoing challenges
The cyber skills gap is a persistent and serious challenge in the central government, undermining efforts to strengthen resilience. Reflecting this, government organisations are investing money into building strong teams, both in-house and through external partnerships. Nearly a fifth (19%) of central government organisations currently spend up to 10% of their cybersecurity budgets on in-house IT staff, while 13% spend up to 10% on in-house OT personnel. Additionally, 42% of central government organisations are devoting between 11% and 20% of their cyber budgets to managed security services for OT.
“This year’s research shows that the UK government sector urgently needs renewed focus on cybersecurity,” said Anthony Young, CEO of Bridewell. “With Cloud migration, AI threats, and ongoing skills shortages, current defences aren’t enough. Only a third plan to boost spending, yet investment in people, processes, and managed services is critical to strengthening resilience against increasingly complex and persistent threats.”
There’s plenty of other editorial on our sister site, Electronic Specifier! Or you can always join in the conversation by commenting below or visiting our LinkedIn page.