The UK House of Commons (HoC), the house of the UK Parliament, has pushed through over 2,600 out of 3,000 members of staff through cyber training following the Whitehall CCTV security leaks from the Matt Hancock scandal.
According to official figures obtained by Parliament Street think tank attained via Freedom of Information (FOI) requests, 2,658 HoC staff members were put through an eight-part cybersecurity training course during the 2020/21 financial year. The course, ‘Annual Essentials Certification,’ covers training in cybersecurity and cybercrime and is a government-backed scheme, according to the National Cyber Security Council (NCSC).
While HoCstaffers have been put through the course in previous years — 2,207 staff members attended the course in the financial year 2019/20 — an additional 400+ were put through in the most recent financial year.
Further, the FOI data revealed that the government pays a £56,400 annual subscription fee to its learning management system provider to access a broader range of courses as well as for maintenance.
In addition, in the recent financial year 2020/21, four HoC staff members were sent on a specialist training cybersecurity course costing £18,875, according to the FOI request. Over £7,000 was spent on two specialist training courses in the previous year — one on Cyber Threat Intelligence and another on becoming a cybersecurity manager.
“With rising cyber threats targeting government departments, boosting cyber skills and awareness for parliamentary staffers is a smart and necessary move,” says Andy Harcup, senior director and cyber expert at Gigamon, in a news release. “With the Covid-19 pandemic triggering a dramatic increase in flexible working, it’s more important than ever that public sector organizations have robust systems and training in place to identify potential threats.”
Whitehall, where the House of Commons is located, was under scrutiny when leaked CCTV footage showed former Health Secretary Matt Hancock kissing his aide in his office. Hancock resigned following the leaked footage. The Information Commissioner’s Office (ICO) has raided the homes of two people linked with the leak, according to the Guardian.
The FOI request put forward by Parliament Street asked for a breakdown of all employees within Whitehall who have undertaken cybercrime or cybersecurity training over the last two financial years; details on the nature of the course; and the money spent on each course.
Tim Sadler, CEO, Tessian welcomes the news that the government is investing more in cybersecurity training but warns that it’s not a one-off spend.
“It’s encouraging to see that Parliament is taking security training and awareness seriously,” he says. “Employees need access to the tools and knowledge to help them make smarter cybersecurity decisions and think twice before clicking.
“This training, though, can’t be a one-time, tick-box exercise,” he adds. “Training needs to be continuous and contextual if it’s going to resonate with people and stop mistakes from turning into breaches.”