Only 36% of NHS staff confident in current cyber defences as 60% of UK public concerned attacks could disrupt critical services

• New BT research amongst NHS staff and the UK public reveals cyber concerns, legacy system risks, and training gaps
• 64% of NHS staff report that outdated systems make data hard to access and use
• 60% of frontline staff report a lack of regular cyber security training, while 55% of the UK public rank training NHS staff in new technologies as a priority
• “Cyber security isn’t just about protecting data; it’s about protecting lives” – BT calls for collaborative technology, training, and trust

94% of NHS staff understand their role in protecting the organisation from cyber-attacks, yet only 36% believe current measures are sufficient, new online research from BT has found. Meanwhile, most UK citizens (60%) are concerned that cyber-attacks could disrupt or disable critical NHS systems.

BT works with more than 200 NHS trusts. The findings of its research – which surveyed both NHS staff and the public – explore sentiment around digital healthcare in the UK, and underscore the pivotal role cyber security plays in safeguarding patients and helping protect service delivery.

The key themes of the research include:

1. There is public anxiety over NHS cyber security
   There’s strong public awareness of the importance of cyber security to keep public health services running, with 60% of UK citizens concerned that critical NHS systems could be disrupted or disabled by cyber-attacks. Over half (57%) worry about cyber-attacks on the NHS, and 56% are concerned about patient data exposure. This shows how cyber security is now a part of the public consciousness; people see the direct link between secure systems and healthcare delivery.
2. NHS staff call for stronger safeguards
   While NHS staff overwhelmingly recognise their role in protecting against cyber threats – 94% understand their responsibilities – only 36% believe current measures are adequate to defend against attacks. Just 42% trust that existing systems are robust enough to safeguard sensitive patient data. This reveals the importance of connecting staff with the tools and infrastructure needed to work effectively.
3. Legacy technology hampers collaboration and care
   The NHS faces a critical challenge with legacy technology systems, which lack the level of inbuilt cyber security found in more modern systems, hindering care delivery and collaboration. Nearly two-thirds (64%) of NHS staff report that patient data is isolated and inoperable due to outdated systems. These technological constraints threaten the ability of staff to deliver care safely and efficiently. Investing in future-proofed networks and prioritising smart communications solutions will help reduce wait times and improve healthcare outcomes.
4. Training gaps persist despite awareness 
   While awareness of cyber security is growing, gaps in training remain a significant barrier to preparedness. Despite a modest rise in training on new technologies (from 5% in our 2022 survey to 15% in 2024), training on both new and existing systems has fallen from 47% to 39%. Frontline staff report a lack of regular training, with 60% calling for more. This data suggests that training is mostly a one-off initiative, rather than an ongoing effort, which exacerbates risks and vulnerabilities.
5. Public support for training investment
   Encouragingly, 55% of the UK public rank training NHS staff in new technologies as a priority – showing that people recognise there are ways to strengthen the NHS beyond cutting-edge medical equipment. There’s a growing public understanding that equipping staff with the right cyber knowledge is fundamental to improving healthcare delivery.

Commenting on this research, Professor Sultan Mahmud – Director of Healthcare, BT – said: “The NHS is rightly focused on saving lives, so it can be hard to stay ahead of cyber security threats with the landscape shifting so quickly.

“Threats targeting healthcare have grown in frequency and sophistication, endangering patient care and compromising vital services. BT logs 2,000 signals of potential cyber attacks every second, totalling 200 million per day across sectors. With over 1.7 million employees, the NHS is the UK’s biggest employer, so empowering this workforce is vital.”

“Across the NHS, high awareness of cyber risk is overshadowed by a lack of preparedness. Moreover, significant frustrations with legacy systems are affecting care, exacerbating training gaps. Having worked in the NHS before joining BT, I understand many of these challenges and the importance of bringing together leading minds. Through initiatives like our Clinical Advisory Board and Vanguard Programme, BT Health is enabling collaboration between healthcare, policy, and business to drive meaningful change. A cyber-resilient NHS will be a better NHS for everyone.”

Professor Natasha Phillips, former Chief Digital Nurse to NHS England, Founder of Future Nurse and BT Clinical Advisory Board (CAB) member, concluded: “In healthcare, cyber security isn’t just about protecting data; it’s about protecting lives. Nurses are often the first point of care. To deliver life-saving and compassionate treatment, they depend on easy access to secure systems. As we embrace digital innovation, we must ensure that all clinicians have the confidence, training, and tools to work safely and free from disruption. Ultimately, building a resilient NHS requires a united effort, where technology, training, and trust come together.”

Dr Mateen Jiwani – practising GP, and BT CAB member – added: “Clinicians are incredibly busy, constantly working hard for their patients. To provide meaningful support, the NHS must value their time and provide a secure, uninterrupted, place to work alongside regular cyber training and assessments that encourage prevention, rather than cure.”

Further data and analysis can be found in BT’s new eBook: ‘Building Cyber Resilient Healthcare: Strengthening the NHS to Safeguard Patients’.

To create a robust cyber security strategy, get in touch with BT today.