UK government A.I CyberSecurity Scoring
UK government
Company Information
Website:https://www.gov.uk
Employees number:2,042
Number of followers:230,029
NAICS:92
Industry Type:Government Administration
Homepage:www.gov.uk
UK government Risk Score (AI oriented)
Between 600 and 649
UK governmentGovernment Administration
Updated:
07/06/2026
07/06/2026
613/1000
Poor
Caa
UK government Global Score (TPRM)
xxxx
UK governmentGovernment Administration
Score locked

UK governmentPoor
Current Score
613Caa (POOR)
01000
5 incidents
-20 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
616
JUNE 2026
613
MAY 2026
609
APRIL 2026
609
MARCH 2026
603
FEBRUARY 2026
601
JANUARY 2026
618
Cyber Attack
29 Jan 2026 • UK government
UK Government: Chinese Hackers Breach Phones of UK Officials in Long-term Cyber Espionage
Salt Typhoon: Chinese State-Backed Hackers Breach UK Government Officials’ Smartphones
598
CRITICAL-20
UK-1769712319
Chinese State-Backed Hackers Breach UK Government Officials’ Smartphones in "Salt Typhoon" Operation
A sophisticated cyber espionage campaign, attributed to Chinese state-sponsored hackers, has compromised the smartphones of senior UK government officials, including members of Prime Minister Boris Johnson’s inner circle. Dubbed "Salt Typhoon," the operation granted attackers persistent access to devices, exposing sensitive communications and raising serious national security concerns.
The breach, detected by cybersecurity agencies, appears to have leveraged zero-day vulnerabilities and advanced persistent threats (APTs) to infiltrate targets’ handsets undetected. These tactics allowed the hackers to maintain long-term surveillance, potentially intercepting confidential government dialogues.
In response, UK authorities launched a comprehensive investigation to assess the attack’s scope and prevent future incidents. Measures include strengthened security protocols, enhanced device checks, and targeted employee training to mitigate similar threats.
The incident highlights the growing sophistication of state-backed cyber espionage and the need for international cooperation in defending critical infrastructure. As threat actors refine their methods, governments face increasing pressure to adapt defensive strategies to counter evolving risks.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
DECEMBER 2025
634
Cyber Attack
19 Dec 2025 • UK government
UK Government and UK Information Commissioner’s Office: UK regulator examines possible government data breach linked to Oct cyberattack
Potential Data Breach in UK Government Systems
614
CRITICAL-20
UK-INF1766153083
UK Information Commissioner’s Office Investigates Potential Government Data Breach
The UK’s Information Commissioner’s Office (ICO) is examining a suspected data breach following a cyberattack on government systems, raising fresh concerns about the country’s data security practices. The regulator confirmed on December 19, 2025, that it had received a notification regarding the incident and is currently "assessing the information provided."
This latest breach comes amid heightened scrutiny of UK government data handling, following earlier high-profile leaks this year—including one that may have compromised the safety of thousands of Afghans. While details of the affected department and the scope of the breach remain undisclosed, the ICO’s investigation signals ongoing vulnerabilities in public sector cybersecurity.
The incident underscores persistent risks to sensitive data within government infrastructure, with potential implications for regulatory compliance and public trust. Further updates are expected as the ICO’s assessment progresses.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
NOVEMBER 2025
633
OCTOBER 2025
630
SEPTEMBER 2025
627
AUGUST 2025
625
APRIL 2025
675
Breach
01 Apr 2025 • UK government
UK Government: 43% British businesses hit by cyber attacks By Investing.com
UK Cybersecurity Breaches Hold Steady as Phishing Dominates Threat Landscape
610
LOW-65
UK-1777574162
UK Cybersecurity Breaches Hold Steady as Phishing Dominates Threat Landscape
A UK government survey revealed that 612,000 British businesses 43% of the total reported at least one cyber breach or attack in the past year, matching the previous year’s figures. The Cyber Security Breaches Survey, published on Thursday, found that phishing remained the most prevalent threat, affecting 38% of businesses, unchanged from 2024/25.
While the rate of incidents has stabilized, it marks a decline from 2023/24, when 50% of businesses experienced breaches. The survey highlights persistent vulnerabilities, with AI-driven threats emerging as a growing concern. Britain’s cybersecurity minister emphasized the need for stronger defenses, citing AI’s role in amplifying risks.
The findings follow a recent warning from the head of the UK’s cybersecurity agency about a potential surge in state-linked cyberattacks. Government officials have also issued an open letter to businesses, urging heightened vigilance against AI-powered threats. The report was produced with AI assistance and reviewed by an editor.
INCIDENT DETAILS -
TYPE
REFERENCES
JUNE 2023
709
Breach
16 Jun 2023 • UK government
UK Government (Cabinet Office, MoD, HMRC, Metropolitan Police, and other public sector departments)
2023 UK Public Sector Data Breaches Review: Exposure of Sensitive Data Including Afghans, Child Abuse Victims, and Disability Claimants
626
CRITICAL-83
UK-557083025
A 2023 review revealed 11 serious public sector data breaches across UK government entities, including the Ministry of Defence (MoD), HMRC, Metropolitan Police, and benefits systems. Key failures involved uncontrolled ad-hoc downloads of sensitive data, misdirected emails (wrong recipients/failure to use BCC), and hidden personal data in released spreadsheets. High-profile leaks included: - 10,000 Police Service of Northern Ireland (PSNI) officers’ personal data (2023). - 18,700 Afghans who worked with British military, exposing them to Taliban retaliation and forcing UK relocation efforts. - 6,000 disability claimants’ data and victims of child sexual abuse records. The government admitted only 12 of 14 security recommendations were implemented, despite the review being completed 22 months prior. The Information Commissioner (John Edwards) and parliamentary committees criticized the delays, warning of systemic negligence in data handling, eroding public trust in digital governance. The breaches risked lives (Afghan collaborators), national security (MoD/PSNI leaks), and societal harm (vulnerable groups’ exposure).
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
FEBRUARY 2022
774
Breach
01 Feb 2022 • UK government
UK Government: Man's anger as brother left in Afghanistan after data breach
UK Government’s Afghan Data Breach Exposes Thousands to Taliban Risk
687
CRITICAL-87
UK-1780820727
UK Government’s Afghan Data Breach Exposes Thousands to Taliban Risk
In February 2022, a UK defence official accidentally leaked a spreadsheet containing the personal details of over 33,000 Afghans who had applied for resettlement under British schemes, including the Afghan Relocations and Assistance Policy (ARAP) and the Afghan Citizens Resettlement Scheme (ACRS). The exposed data names, contact details, and family information placed individuals at severe risk of Taliban reprisals, yet the government only became aware of the breach in August 2023 when portions of the data surfaced online.
To suppress the leak, the UK obtained an unprecedented "super-injunction" in September 2023, barring reporting on the breach and even the existence of the court order itself. The injunction, granted contra mundum (binding on all parties), was the first of its kind, preventing public disclosure and leaving affected Afghans unaware of their exposure. Meanwhile, ministers secretly established the Afghanistan Response Route, a covert relocation scheme to evacuate those at risk, without informing Parliament or the media.
The restrictions were lifted on 15 July 2025, revealing the full scale of the breach. By then, the government had resettled 35,700 Afghans across its schemes, but thousands remained stranded. In April 2026, the UK announced it would end in-country assistance for evacuations, requiring eligible Afghans to reach a third country independently before their cases could be processed, with a final deadline of December 2028.
Critics, including advocates like Shamim Saraby, condemned the delays, with some applicants waiting years for decisions. Farhad, an Afghan interpreter whose details were exposed, was resettled in the UK in 2024, but his brother’s application was rejected, leaving him in Afghanistan. Farhad described feeling "betrayed" by broken promises of protection.
In December 2024, Defence Secretary John Healey issued a public apology, acknowledging the lack of transparency. A cross-party inquiry by the Commons Defence Committee is now investigating the breach and the government’s response. The incident has raised concerns about the UK’s handling of sensitive data and its obligations to those who aided British forces.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for UK government ??
What was UK government's A.I Rankiteo Cyber Score in June 2026 ??
What was UK government's A.I Rankiteo Cyber Score in May 2026 ??
What was UK government's A.I Rankiteo Cyber Score in April 2026 ??
What was UK government's A.I Rankiteo Cyber Score in March 2026 ??
What was UK government's A.I Rankiteo Cyber Score in February 2026 ??
What was UK government's A.I Rankiteo Cyber Score in January 2026 ??
What was UK government's A.I Rankiteo Cyber Score in December 2025 ??
What was UK government's A.I Rankiteo Cyber Score in November 2025 ??
What was UK government's A.I Rankiteo Cyber Score in October 2025 ??
What was UK government's A.I Rankiteo Cyber Score in September 2025 ??
What was UK government's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on UK government's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with UK government ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view UK government's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?