The UK government's ability to protect British businesses and citizens from major cyberattacks is being undermined by an inconsistent and chaotic approach to monitoring the scope of data breaches hitting the country, a damning report compiled by MPs has revealed.
The Cabinet Office's role in protecting British interests when it comes to cybersecurity remains "unclear within central government" and there "appears to be no coordination across the wider public sector," the committee of public accounts' analysis said.
The paper, released by the cross-party House of Commons committee on 3 February, described the processes for recording departmental data breaches as "inconsistent and dysfunctional" while slamming an overall lack of oversight and an ongoing skills shortage.
"Poor reporting of low level breaches, such as letters containing personal details being addressed to the wrong person, reduces our confidence in the Cabinet Office's ability to protect the nation from higher threat cyberattacks," the report found.
It continued: "Without a consistent approach across Whitehall to identifying, recording and reporting security incidents, the Cabinet Office is unable to make informed decisions about where to direct and prioritise its attention.
"The use of the internet for cybercrime is evolving fast and the government faces a real struggle to find enough public sector employees with the skills to match the pace of change."
The committee said there are "major and unexplained variations" in how individual government departments report security breaches. Ironically, the paper was released as Parliament announced a series of events to mark a so-called Cyber Security Month.
The report said that between 2014 and 2015 the 17 largest government departments recorded a total of 14 major data incidents and 8,981 non-reportable incidents. Of the 8,981, HMRC recorded 6,038 and the Ministry of Justice 2,798.
The other 15 departments recorded only 145 between them, fewer than 2% of the total. Additionally, several departments recorded no non-reportable incidents at all, including the vast Department for Work and Pensions, it said.
"The Cabinet Office does not collect or analyse departments' performance in protecting information on a routine or timely basis and was not aware of the wide variability and inconsistency of departments' self-reporting processes," the committee revealed.
A spokesperson for the UK's Cabinet Office, putting a positive slant on the findings, said in a statement: "The government has acted with a pace and ambition that has been welcomed by industry and our international partners right across the globe.
"Our comprehensive and ambitious national cyber security strategy, underpinned by £1.9bn of investment, sets out a range of measures to defend our people, businesses, and assets; deter and disrupt our adversaries; and develop capability and skills."
The news came as UK defence secretary, Sir Michael Fallon, accused Russia of "weaponising" fake news and using cybercrime to undermine Western democracies.
"Today we see a country that in weaponising misinformation has created what we might now see as the post-truth age," he said on 2 February. "There is [also] the use of cyber weaponry to disrupt critical infrastructure and disable democratic machinery."
Russia-linked hackers have been accused of infiltrating numerous targets including the World Anti-Doping Agency (Wada), the US Democratic National Committee (DNC) and France's TV5Monde station. It routinely uses cyber-intrusions for political meddling.
In response to Fallon, the Kremlin said his assertions had little merit. "We express regret for this hostile stance of the minister," said Kremlin spokesman Dmitry Peskov. "We are sure that such allegations are baseless."