The Department for Environment, Food and Rural Affairs (Defra) has said it is “taking steps” to enhance its cybersecurity and protect its IT systems against threats, following the recent publication of a report by the Public Accounts Committee (PAC) in which its IT systems were found to be “outdated”.

The report, Tackling Defra’s ageing digital services, which was ordered by the House of Commons, concluded that the department does not have a long-term strategy for its “much-needed wider digital transformation”.

However, in the department’s response, it said it recognised the “vital importance of cybersecurity” and cited its plans to invest more than £870 million in improving infrastructure and digital systems, reducing its dependency on legacy technology and rolling out new security training.

A Defra spokesperson said: “We have made significant progress on enhancing and improving the resilience of our current technology and digital services through an effective and wide-ranging investment plan.

“We have already delivered new and improved services to improve flood warnings, farming and countryside schemes and food imports and exports, developed with the input of end-users and customers.

“Defra is a wide-reaching organisation, and we are committed to improving the quality and availability of our digital services and ensuring our systems are secure and resilient.”

The department said its digital and transformation plan, published in 2022, includes IT investment across the core department.

However, the PAC report determined that the plans for this transformation are not sufficient and that the department needs to look further into the future to properly adapt its systems.

PAC report

The PAC report determined that many users of Defra’s systems consider them “outdated and difficult to use”.

It highlighted how Defra’s systems are used by a wide range of customers and, to certain groups of customers, Defra’s legacy IT systems feel outdated due to a reliance on paper forms and documents.

The department was found to handle around 14 million transactions every year that still involve paper forms making them “inefficient and expensive”, according to the report.

The report said Defra should look long-term, past its current “business transformation”, as it does not currently have a vision of how the transformed department and its organisations will operate.

Several recommendations were made to the department, focussing on how it can stabilise and improve its IT systems, and how to maintain their proficiency in the long term.

The first recommendation was that Defra should, within six months, identify the success factors behind the progress it has made in addressing issues within its legacy IT and share lessons with the Central Digital and Data Office (CDDO) and other departments.