Our spending review submission

The IET has produced a submission setting out recommendations for the comprehensive spending review on strengthening the resilience and security of critical national infrastructure, alongside a case study of the National Grid.

The impact of cyber attacks can be wide-ranging and devastating for businesses, and there is no ceiling on the costs as it varies based on the depth and seriousness of the attack. The average cost for cyber breaches for big businesses last year was £1.46m and the breach at TalkTalk was estimated to cost £35m alone. With 90% of large companies reporting information breaches last year, it is common but no less serious when it happens.

So, given the scale of impact we see for business, where would the impact be for government?

Well, it’s not only financial costs at stake, but also critical public services and national infrastructure. Take the National Grid for example – energy infrastructure outages can have widespread and serious consequences for both individuals and society. The risk of energy infrastructure failing due to AI misinformation or cyber attacks can be significant. The cost of an electricity blackout to the UK economy depends on factors such as its duration, geographic impact and affected sectors. However, estimates suggest that a nationwide blackout lasting 24 hours could cost billions of pounds.

It extends further than this, because it would impact public service provision, including healthcare, transport and emergency response. Power outages could hit business services across the economy such as finance and banking, retail and e-commerce, and manufacturing – strangling growth and having huge knock-on social effects to regional economies.

As the National Audit Office recently highlighted, the threat to government is severe and advancing quickly. So what can be done?

With the introduction of Humphrey, the civil service AI support tool, there is considerable opportunity for streamlining processes and increasing productivity. Government estimates this could free up £45bn that could be reinvested back into public services if AI is utilised effectively across all departments. However, the introduction of AI across government also leaves departments increasingly vulnerable to cyber attacks. The data that algorithms are trained with, and use, could be manipulated into making the wrong decisions on purpose through a major cyber attack from those seeking to target the UK.

Given the potential scale and cost of cyber attacks on the public sector, the IET is calling on the Treasury, as part of the comprehensive spending review, to reinvest some of the money saved in efficiencies to bolster its cyber-security resilience. Staff training that provides workers with clear examples of good outcomes of AI use is critical to ensuring misinformation is not used and perpetuated through the system. Investing in cyber-security literacy via reskilling and upskilling will ensure greater awareness of potential risks.

Secondly, the government should establish a chief cyber security and resilience adviser to ensure government has regular strategic advice on cyber security.

Finally, government should assess the financial impact of cyber attacks on critical national infrastructure and growth sectors to help shape investment prioritisation.

The comprehensive spending review and forthcoming industrial strategy provides the opportune moment for government to take stock of its digital capability and resilience. It has already made headway with the use of AI but should now look to ensure its cyber-defence strategy is robust and prepared for any eventuality.

You can find out more on our website: 2025 comprehensive spending review submission