60% of NHS staff want more cyber security training, finds study

Research from BT found that 94% of NHS staff understand their role in protecting the organisation from cyber attacks, yet only 36% believe current measures are sufficient.

The independent online survey of 76 NHS staff at 59 NHS organisations and integrated care systems, carried out between 8 September 2024 and 16 September 2024, explored sentiment around digital healthcare in the UK.

It found that only 42% of NHS staff surveyed trust that existing systems are robust enough to safeguard sensitive patient data and 64% report that patient data is isolated and inoperable due to outdated systems.

Despite a rise in training on new technologies from 5% in BT’s 2022 survey to 15% in the 2024 survey, training on both new and existing systems has fallen from 47% to 39%, with 60% of frontline staff surveyed calling for more cyber security training.

Commenting on the research, Professor Natasha Phillips, former chief digital nurse to NHS England, founder of Future Nurse and BT clinical advisory board (CAB) member, said: “In healthcare, cyber security isn’t just about protecting data; it’s about protecting lives.

“Nurses are often the first point of care. To deliver life-saving and compassionate treatment, they depend on easy access to secure systems.

“As we embrace digital innovation, we must ensure that all clinicians have the confidence, training, and tools to work safely and free from disruption.

“Ultimately, building a resilient NHS requires a united effort, where technology, training, and trust come together.”

A YouGov survey of 2,159 adults in the UK, carried out online between 5 July 2024 and 8 July 2024, found that 60% of UK citizens are concerned that critical NHS systems could be disrupted or disabled by cyber attacks and 56% are concerned about patient data exposure.

Professor Sultan Mahmud, director of healthcare at BT, said: “The NHS is rightly focused on saving lives, so it can be hard to stay ahead of cyber security threats with the landscape shifting so quickly.

“Threats targeting healthcare have grown in frequency and sophistication, endangering patient care and compromising vital services.

“BT logs 2,000 signals of potential cyber attacks every second, totalling 200 million per day across sectors.

“With over 1.7 million employees, the NHS is the UK’s biggest employer, so empowering this workforce is vital.

“Across the NHS, high awareness of cyber risk is overshadowed by a lack of preparedness.

“Moreover, significant frustrations with legacy systems are affecting care, exacerbating training gaps.”

NHS private service provider, the HCRG Care Group, confirmed in February 2025 that it is investigating a suspected ransomware attack, after a cyber crime group claimed that it has breached sensitive information.

Figures revealed in January 2025, found that at least two patients suffered long-term or permanent damage to their health as a result of the cyber attack on NHS pathology provider Synnovis in June 2024.

Meanwhile, waiting times for cancer pathways at Wirral University Teaching Hospital NHS Foundation Trust were “significantly impacted” by a cyber incident in November 2024, according to trust board papers.