The National Audit Office (NAO) is putting the finishing touches to a report examining the UK government’s approach to improve its cyber resilience amid escalating threats.
According to its brief, the spending watchdog will look at a number of issues, not least current threat levels, funding and whether the government has a sufficiently robust plan to maintain and improve its cyber resilience now and in the future.
Publication of the report could not be more timely. In December 2024, the head of the National Cyber Security Centre (NCSC), Richard Horne, warned that the cyber risks facing the UK were “widely underestimated”. Unveiling its Annual Review, Horne talked about the “widening gap” between threat levels and the defences and the need to “increase the pace we are working at to keep ahead of our adversaries.”
He spoke about how organisations need to do more to bolster cyber security and to view investment as both “an essential foundation for their operations and a driver for growth”.
I couldn’t agree more. Like many organisations, the UK’s public sector operates in an even more complex IT landscape where IT teams are expected to do more against a backdrop of budgetary constraints and limited resources.
Public sector organisations are increasingly looking to take advantage of available automation and orchestration functionality in readiness to adopt more AI as this becomes more widely integrated.
In doing so – and in some cases in parallel as well – they are also looking to rationalise the technologies they have into a leaner and smaller number to realise financial and operational efficiencies needed in today’s world.
Autonomous endpoint management (AEM) provides security and unlocks value
Called autonomous endpoint management (AEM), it’s a technology that leverages the power of AI and machine learning (ML), to tackle the ever-growing risks posed by cybercriminals including data theft via malware, ransomware and phishing attacks.
By continually collecting and analysing data from all endpoints, it provides real-time threat assessments that also enable automated patching. What’s more, machine learning streamlines critical workflows, significantly increasing the efficiency of security operations (SecOps) and reducing potential attack vectors.
And thanks to the automation of routine tasks, AEM delivers significant increases in operational efficiency that allow resources to be focused elsewhere without compromising security, performance or availability.
It’s an approach that offers the prospect of delivering real value – especially where IT staff are overwhelmed with providing timely endpoint changes across a growing number of endpoint devices, operating systems and applications.
In a sense, these AI-powered tools are taking automation to a whole new level in terms of scale and sophistication by providing, for example, advanced threat intelligence that identifies patterns indicative of malicious activity.
Or to put it another way, AEM provides government agencies and departments with a precise
overview of IT assets and vulnerabilities, improving security and reducing potential attack surfaces. Thanks to this advanced visibility and control, security teams can respond quickly to threats, freeing personnel for other tasks and providing public sector leaders with peace of mind.
With the ever-present threat of cyberattacks demanding faster patch deployment, AEM is becoming a key tool in delivering better device configuration compliance. For instance, HMRC uses automated tools to manage its vast IT estate with thousands of endpoints across multiple locations. This approach enables IT and security teams to identify vulnerabilities, apply patches and enforce security configurations both at pace and scale. It also cuts the time and effort needed for routine tasks – such as software updates and compliance checks – ensuring these devices remain secure and operational without disruption.
Using AI is essential in the cybersecurity arms race
Of course, the use of AI to strengthen security should come as no surprise. Governments of all political colours are looking to see how to maximise the benefits of AI. Only recently, for example, the UK government unveiled a new package of AI tools – nicknamed ‘Humphrey’ – to be made available to civil servants to help modernise tech and deliver better public services. It also recently published details of a GOV.UK Wallet and App to simplify access to services and documents like digital driver’s licences.
But while the government is using AI for good, it’s also true that cybercriminals are using the technology to launch ever-more sophisticated attacks –- a point spelt out in the aforementioned NCSC Annual Review.
As we look ahead to the publication of the NAO’s forthcoming report – and its assessment of the UK government’s cyber resilience – one thing is already clear: the pace of cyber threats is accelerating, and traditional approaches to security are no longer enough.
As Richard Horne warned, the gap between threats and defences continues to widen, making investment in AI-driven solutions like AEM not just a necessity, but an imperative. By leveraging automation and real-time data, these tools empower overstretched IT teams to stay ahead of cybercriminals, ensuring that cybersecurity is not just about defence, but about resilience, efficiency, and long-term strategic advantage.
About the Author
Dan Jones is Senior Security Advisor, EMEA at Tanium. Tanium delivers Autonomous Endpoint Management (AEM) with the industry’s only true real-time platform for AI. Its platform is real-time, seamless, and autonomous, allowing security-conscious organizations to break down silos between IT and Security operations that results in reduced complexity, cost, and risk. Securing more than 32M endpoints around the world, Tanium’s customers include more than 40% of the Fortune 100, 7 of the top 10 U.S. retailers, 8 of the top 10 U.S. commercial banks, all 6 branches of the U.S. military, and MODs and DODs around the world.
