HMRC Investing Heavily in Cybersecurity Training for Staff, Official Figures Show

HM Revenue & Customs (HMRC) has spent over a quarter of a million pounds (£262,251) on cybersecurity training for its staff during the past two financial years, according to official figures obtained by the Parliament Street think tank following a Freedom of Information request.

The UK’s tax authority spent £111,795 in the most recent financial year (20–21), which was a reduction on the £150,456 invested in 19–20. This funding covered 80 training enrollments in FY 20–21 and 69 in FY 19–20 for staff working in HMRC’s chief digital and information officer group.

The data also provided a breakdown of the types of courses that staff from this group enrolled in. The most popular course, involving 12 attendees, was to become certified in the Art of Hacking, costing a total of £15,978. The next most popular course was a six-day bootcamp to become a certified information systems security professional, which attracted 11 members of staff.

Two employees trained to become certified in Ethical Hacking, while nine took part in an Introduction to Cybersecurity course.

The data revealed that training to become a certified cloud security professional was the most expensive course used by HMRC in 20–21, with £34,103 spent to train seven staff members from the chief digital and information officer group.

Additionally, all HMRC staff (around 9,500) completed a mandatory phishing attacks course during the two-year period, which was free of charge.

Commenting on the data, Edward Blake, area vice president EMEA, Absolute Software, said: “Organizations which handle large volumes of personal financial information like HMRC are a top target for cyber-criminals, so ensuring staff are fully trained with the latest cyber-skills is essential to prevent a potential data breach.

“With the COVID-19 pandemic forcing many employees to work from home, it’s also critical that organizations like HMRC ensure they have complete visibility into the security standards across all devices such as laptops, to ensure encryption is turned on and cyber protection is in place for each and every employee.

“It’s also important that organizations can track, freeze and wipe lost or stolen devices, in the event of loss or theft, to keep taxpayer data completely safe from outsider threats.”

There have been numerous examples of scams involving the impersonation of HMRC during the COVID-19 pandemic, with cyber-criminals looking to use various government financial support schemes as phishing lures throughout the crisis.
