Government launches new cyber monitoring service as fix times cut by 84%

New system continuously scans the internet-facing infrastructure of around 6,000 public bodies

The UK government has launched a new vulnerability monitoring service aimed at reducing cyber risks across the public sector, saying it has already cut the time taken to fix some of the most serious digital weaknesses by 84%.

Whitehall officials say the new Vulnerability Monitoring Service (VMS) marks a turning point in the UK's digital national security, cutting the window of opportunity for hackers from nearly two months to just eight days.

For years, government digital defences have struggled to keep pace with increasingly sophisticated state-backed actors and criminal gangs.

The new system continuously scans the internet-facing infrastructure of around 6,000 public bodies, including local councils and health authorities, searching for known backdoors that could be exploited.

The results, according to the Department for Science, Innovation and Technology (DSIT), represent a significant shift in speed:

• Domain fixes: The median time to repair domain-related flaws has plummeted from 50 days to 8 days - an 84% improvement.
• Critical backlog: The number of open, high-risk vulnerabilities has been cut by 75%.
• Volume: The service is now processing and resolving roughly 400 confirmed threats every month.

Digital government minister Ian Murray said the automation has "transformed" the UK's resilience.

"The service spots and fixes weaknesses before they're exploited," he said, noting that it reduces the risk of disruption to systems used daily by millions.

The rollout comes at a time of heightened anxiety over national infrastructure.

Last year, Anne Keast-Butler, the head of GCHQ, warned that the UK was facing its most "contested and complex" threat environment in decades, reporting that critical attacks in 2025 were four times higher than the previous year.

Previously, a weakness in a government DNS record could go undetected for nearly two months. This gave hostile actors ample time to redirect users to fake websites designed to steal personal information or disrupt operations.

Dr Richard Horne, CEO of the National Cyber Security Centre (NCSC), warned that the impact of these attacks is no longer just theoretical.

"Cyber security is more consequential than ever today with attacks in the headlines showing the profound impacts they can have on people's everyday lives and livelihoods."

He continued: "As our public services continue to innovate, it is vital that they remain resilient to evolving threats and vulnerabilities are being effectively managed to reduce the chances of disruption.

A new 'Cyber Profession'

Alongside the technical measures, the government has also announced the launch of its first dedicated Cyber Profession programme in collaboration with DSIT and the NCSC.

Designed to address a chronic skills shortage, the initiative includes a new Government Cyber Academy and a recruitment hub to streamline how the public sector hires digital specialists.

By aligning with the UK Cyber Security Council's professional standards, the government hopes to create a "clear career framework" that keeps top-tier talent within the public sector rather than losing them to high-paying tech giants.