His Majesty’s Revenue and Customs (HMRC) has revealed it intercepted over 100 million malicious emails targeting UK government services in the last three years, highlighting a significant escalation in cyber threats.
Figures obtained through a Freedom of Information (FOI) request detail the volume of suspect emails blocked between November 2021 and September 2024. The data indicates a sharp increase in attempted cyberattacks.
Between November 2021 and October 2022, HMRC blocked 23.7 million malicious emails. The number surged to 40.3 million in the following year (November 2022 to October 2023) and remained high at 40.9 million in the period from November 2023 to September 2024.
The total number of blocked malicious emails over the three-year period stands at a staggering 105 million, demonstrating the persistent and growing threat faced by UK government digital infrastructure.
Andy Ward, SVP International, Absolute Security, said: “These numbers show just how relentless cybercriminals are when it comes to targeting government institutions. Email remains one of the main ways attackers try to break into systems – whether through malware, spam or other tactics designed to exploit vulnerabilities.
“To tackle these threats effectively, organisations need a strong cyber-resilience strategy. This means real-time monitoring of systems, advanced threat detection and the ability to act fast when something goes wrong.”
