The UK government has launched a new vulnerability monitoring service (VMS) that promises to reduce the time needed to fix critical cyber weaknesses across the public sector.
Scanning government systems for critical cyber flaws
The service, launched as part of the Blueprint for Modern Digital Government, published in January 2025, continuously scans internet-facing systems at around 6,000 public sector organizations. Using commercial and proprietary tools, it detects about 1,000 types of cyber vulnerabilities. When a weakness is identified, the service notifies the relevant organization, provides guidance on how to fix it, and monitors progress until the issue is resolved.
Data published by the government shows that the median time to fix domain-related vulnerabilities has dropped from nearly two months to eight days. For other types of cyber vulnerabilities, the median time has fallen from 53 days to 32 days. The monitoring service processes and resolves about 400 confirmed vulnerabilities each month.
“Cyber-attacks aren’t abstract threats — they delay NHS appointments, disrupt essential services, and put people’s most sensitive data at risk. When public services struggle it’s families, patients and frontline workers that feel it,” Ian Murray, Minister for Digital Government said.
“The vulnerability monitoring service has transformed how quickly we can spot and fix weaknesses before they’re exploited so we can protect against that. We’ve cut cyber-attack fix times by 84% and reduced the backlog of critical issues by three quarters. And as the service expands to cover more types of cyber threats, fix times are falling there too,” Murray continued.
Building long-term cyber expertise within government
The next step in the government’s cyber strategy is the introduction of a new Cyber Profession initiative designed to strengthen cybersecurity capability in public services. The program includes the establishment of a Cyber Resourcing Hub to streamline recruitment and a career framework aligned with UK Cyber Security Council professional standards.
“The government Cyber Action Plan is a crucial step in building stronger cyber defences across our public services and the launch of the government Cyber Profession today will help attract and retain the most talented professionals with the top-tier skills needed to keep the UK safe online,” said Dr Richard Horne, CEO of the NCSC.
It also includes plans for a government Cyber Academy to support training and development, a new apprenticeship scheme, and structured career pathways to build capability within government departments.
The Cyber Profession program is co-branded with the Department for Science, Innovation and Technology and the National Cyber Security Centre.
