Lost Devices Pose Serious Threat to UK’s Cyber Defenses
London, UK – June 22, 2025 — A wave of missing government-issued devices is raising alarms across the United Kingdom, with cybersecurity experts warning that the loss of thousands of laptops, phones, and tablets poses a “systemic risk” to national security.
According to newly released data obtained through Freedom of Information (FOI) requests, more than 2,000 devices have been reported lost or stolen across key UK government departments in the past year alone. The Department for Work and Pensions, Ministry of Defence, Cabinet Office, and even the Bank of England are among those affected.
A Growing Attack Surface
The Ministry of Defence reported 387 phones and 103 laptops lost in just the first five months of 2025. The Department for Work and Pensions added another 365 devices to the tally in 2024, while the Cabinet Office and other departments also reported significant losses.
Cybersecurity experts say the scale of the problem is deeply concerning. “When you’re talking about thousands of devices, you’re talking about a massive attack surface,” said Professor Alan Woodward of the University of Surrey. “Even if just 1% of those belonged to system administrators, that’s enough to open the door to serious breaches”.
Encryption Isn’t a Silver Bullet
While government officials insist that all devices are encrypted, experts caution that encryption alone may not be enough. Phones and tablets, in particular, are more vulnerable to token theft, which could allow attackers to bypass authentication and gain access to sensitive systems.
Nick Jackson, Chief Information Security Officer at Bitdefender, warned that “it only takes one lost device to compromise a network.” He added that many of these devices contain authentication tokens and sensitive data that could be exploited if they fall into the wrong hands.
A Call for Stronger Oversight
The breach has prompted calls for stricter inventory controls, employee training, and real-time monitoring of device access. David Gee of Cellebrite emphasized the need for proactive data protection, especially in departments handling national defense, healthcare, and financial oversight.
A government spokesperson responded by stating that “we take the security of government devices extremely seriously,” and that encryption protocols are in place to prevent unauthorized access. However, critics argue that the current safeguards are insufficient given the scale and frequency of losses.
As the UK continues to digitize its public services, the loss of physical devices remains a glaring vulnerability—one that could have far-reaching consequences if not urgently addressed.
Let me know i
