Info Gov

The Greater London Authority must urgently overhaul its cyber security arrangements in the wake of a series of high profile attacks across the public sector, the GLA Oversight Committee has warned in a new report prompted by the 2024 cyber attack on Transport for London (TfL).

The investigation, led by Committee Chair Emma Best, was triggered after a “significant cyber attack on TfL that also affected the GLA” in August 2024, which TfL said caused it £32m of damage and disrupted TfL services for three months.

The Oversight Committee’s report noted that local government now reports “three to four times more cyber incidents than national government”, with recent attacks on the British Library, NHS Synnovis and Hackney Council demonstrating the scale of operational and financial damage that can result.

The Committee warned that the GLA must “recognize the scale of cyber threats and take proactive measures to mitigate risks”.

It set out eleven recommendations, including:
• developing a benchmarking approach for cyber security investment
• regular reporting on legacy systems and supply chain risks
• ensuring all supply chain organisations achieve Cyber Essentials Plus
• assessing the effectiveness of staff training and monitoring completion rates
• conducting regular cyber security exercises and improving incident reporting

The report concludes that the GLA must adopt a more systematic, better resourced and more transparent approach to cyber security if it is to withstand the rapidly evolving threat landscape.

However, it also reported that many public authorities, especially those in London, were struggling to compete with private sector salaries for technical staff. TfL’s chief technology officer Shashi Verma described London’s technology recruitment market as “particularly difficult” with cyber roles affected by a “national skills shortage”. The GLA is now restructuring its workforce to improve career development and pay for IT and cyber roles.

Legacy systems “significant risk”
Legacy technology is identified as one of the most serious vulnerabilities facing public authorities. The report notes that the British Library attack was worsened by outdated systems, while TfL has faced criticism for software “compatible with Internet Explorer 6”.

Verma acknowledged the challenge of managing a vast estate with entrenched legacy systems, warning that transitioning to modern security practices requires “significant investment” and long term planning.

The Committee also found that supply chain vulnerabilities are increasingly exploited by attackers. Understanding the full chain is “complex, as it includes multiple layers of suppliers”. The report calls for all supply chain organisations to complete the NCSC’s Cyber Essentials Plus certification.

The report emphasised that in addition to improving technology, a strong cyber security culture is described as essential, with committee member Dianne Tranmer warning that “human error can undermine even the best technical defences”. Phishing remains the most common attack vector, and ransomware incidents doubled in 2025.

Leadership engagement with the issue is improving, the committee said, with both TfL and the GLA listing cyber security as a top corporate risk. Gareth Miles, the Head of Crime at the National Fraud Intelligence Bureau with the City of London Police, who contributed to the report, emphasised the need for robust governance and risk management frameworks tp combat the risk of cyber attacks.

TfL attack: £32m impact
The September 2024 attack on TfL was described as “sophisticated” and resulted in costs estimated at £32 million. Immediate containment required shutting down services, and although public facing disruption was limited, the attack caused a data breach affecting 5,000 customers.

TfL received commendations from the NCSC for its response, despite ongoing concerns about legacy systems. Two UK teenagers Thalha Jubair, 19, from East London, and Owen Flowers, 18, from Walsall, alleged to be part of an online criminal collective known as Scattered Spider, were charged with conspiring to commit unauthorised acts against Transport for London (TfL) under the Computer Misuse Act in connection with the attack. Both pleaded not guilty in November 2025 and are on remand awaiting trial in June 2026.

At the time, the head of the NCA’s National Cyber Crime Unit, Paul Foster, warned of an increase in the threat from cyber criminals based in the UK and other English-speaking countries, of which Scattered Spider was a clear example.

Also in this section

Jul 16, 2026

Scattered Spider pair jailed over TfL hack

Two members of the Scattered Spider hacking collective have each been jailed for five and a half years at Woolwich Crown Court on 16 July over a 2024 cyber attack on Transport for London that compromised the personal data of millions of customers and cost the transport authority £39 million.
Jul 15, 2026

Government introduces mandatory data breach reporting protocol

The Cabinet Office has published a Model Action Plan setting out a single cross-government framework that all departments and arms-length bodies must follow when responding to significant personal data breaches, introducing mandatory central reporting of such incidents for the first time.
Jun 29, 2026

"Five eyes" warn on accelerating cyber security threat from AI

The National Cyber Security has called on organisational leaders to treat cyber resilience as a core business and governance responsibility rather than a technical matter in the light of a report by the Five Eyes intelligence alliance on the "fundamental" impact of AI on the speed and scale of cyber threats.
Jun 15, 2026

Government AI hackathons uncover 407 vulnerabilities across nine departments, including critical remote code execution flaw

A pilot programme using frontier AI models to scan public-sector code repositories has identified 407 security findings across nine government organisations, including a critical vulnerability that could have allowed an external attacker to execute arbitrary code on a key digital service, the Department for Science, Innovation and Technology (DSIT) and the National Cyber Security Centre (NCSC)…

InfoGov Masthead Newsletter 800