UK Government launches new VMS and Cyber Profession
The UK Government has launched a new vulnerability monitoring service (VMS) to reduce cyber risks and speed up fixes and a new Cyber Profession to build long-term resilience across public services.
Image courtesy DSIT / gov.uk
The public services that millions of people depend on – from the NHS to the Legal Aid Agency – are becoming significantly safer and more resilient thanks to major improvements by the government to identify and fix cyber threats.
A specialist government monitoring service, introduced as part of the Blueprint for modern digital government, published in January 2025, means serious security weaknesses in public sector websites are fixed six times faster – cutting the average time from nearly two months to just over a week.
The critical vulnerabilities are in the Domain Name System (DNS) – the internet’s “address book” that turns website names we type into the numbers computers use to find them. Weaknesses in DNS can allow attackers to redirect users to fraudulent sites, steal sensitive data, or take services offline entirely – with potentially serious consequences for anyone relying on government services.
Before this service was in place, a weakness in a government DNS record could go unnoticed for nearly two months – long enough for a hostile actor to redirect someone trying to access a government service to a fake site designed to steal their personal details, intercept sensitive communications, or disrupt services that people rely on. The vulnerability monitoring service has closed this window down to eight days. It alerts the right people with clear, practical guidance on how to fix the problem, and tracks progress until each issue is resolved.
Speaking at the Annual government Cyber Security and Digital Resilience conference, Digital Government Minister, Ian Murray will outline how this will sharply reduce the risk of hackers targeting essential services like the NHS.
He will also outline how the government has reduced its backlog of these vulnerabilities by 75% – significantly shrinking the window for cyber criminals to target essential public services – from GP surgeries and ambulance trusts to hospitals and social care providers.
Today’s announcement marks a decisive step in closing the door on such threats with the government going even further with the launch of the first-ever dedicated government Cyber Profession. This programme will recruit and train the top-tier cyber experts needed to keep public services safe.
Minister for Digital Government, Ian Murray said: "Cyber-attacks aren’t abstract threats – they delay NHS appointments, disrupt essential services, and put people’s most sensitive data at risk. When public services struggle it’s families, patients and frontline workers that feel it.
"The vulnerability monitoring service has transformed how quickly we can spot and fix weaknesses before they’re exploited so we can protect against that. We’ve cut cyber-attack fix times by 84% and reduced the backlog of critical issues by three quarters. And as the service expands to cover more types of cyber threats, fix times are falling there too.
"But technology alone isn’t enough. Today I’m launching a new government Cyber Profession to attract and develop the talented people we need to stay ahead of increasingly sophisticated threats - making government a destination of choice for cyber professionals who want to protect the services that matter most to people’s lives."
Dr Richard Horne, CEO of the NCSC, said: "Cyber security is more consequential than ever today with attacks in the headlines showing the profound impacts they can have on people’s everyday lives and livelihoods.
"As our public services continue to innovate, it is vital that they remain resilient to evolving threats and vulnerabilities are being effectively managed to reduce the chances of disruption.
"The government Cyber Action Plan is a crucial step in building stronger cyber defences across our public services and the launch of the government Cyber Profession today will help attract and retain the most talented professionals with the top-tier skills needed to keep the UK safe online."
The VMS continuously scans 6,000 UK public sector bodies, detecting around 1,000 different types of cyber vulnerabilities. When a weakness is identified, the service alerts the relevant organisation with specific, actionable guidance and tracks progress until the issue is resolved.
By automating detection and streamlining remediation, the service has:
reduced median time to fix domain-related vulnerabilities from 50 days to eight days – an 84% improvement
reduced median time to fix other cyber vulnerabilities from 53 days to 32 days
cut the backlog of critical open domain-related vulnerabilities by 75%
processed and resolved around 400 confirmed vulnerabilities each month
The new government Cyber Profession is co-branded with the Department for Science, Innovation and Technology and the National Cyber Security Centre (NCSC). It will introduce a competitive total employee offer, establish a dedicated Cyber Resourcing Hub to streamline recruitment and create a clear career framework aligned with UK Cyber Security Council professional standards.
It will also include a government Cyber Academy for training and development, a new apprenticeship scheme to build future talent and structured career pathways to strengthen long-term capability across the public sector.
The North West will serve as a primary hub for the profession, building on Manchester’s growing digital ecosystem and the forthcoming government Digital Campus.