HMRC has supposedly spent more than £50 million patching and maintaining legacy IT systems, instead of updating the tech.
A report released by the Public Accounts Committee (PAC) shows that £53.2m is spent on maintenance for its ageing IT infrastructure, representing 80% of the total additional costs during of the pandemic.
The Department said it accepts it must “redress the balance” between overspending on legacy systems and “not enough on investing for the future”.
PAC stated in the report: “HMRC has spent too much of its IT budget on patching up legacy systems rather than modernising them. The Covid-19 pandemic has shown the importance of an effective tax administration system.
“There is a strong case for investment in a modern IT system. HMRC says that it has made some progress in its ambitious digital transformation but is looking for opportunities to reduce the risks facing its IT systems so that they are kept up to date and safe from cyberattacks and catastrophic losses.”
The concern surrounding potential cyberattacks is well-founded. Since the outset of the pandemic, hackers and malicious actors have been targeting IT systems around the world to steal sensitive information.
Legacy systems are particularly vulnerable to attack due to their lack of built-in security protocols. This was evidenced in the 2017 Wannacry ransomware attack, where outdated computers running old operating systems were knocked offline.
- School laptops found to contain Russia-linked malware
- Stolen SEPA data published online by cybercriminals
- Three Scottish SMEs win big at Scotland’s CAN DO Innovation Summit
According to a report by the Department of Health and Social Care released in 2018, the cost to the NHS was approximately £92 million, including around £19 million of lost output, as well as £73 million in IT costs during the aftermath.
The reported costs highlighted both the devastation of the attack, but also the increased need for greater IT resilience across the NHS and other public services.
In HMRC’s Information Technology Strategy report written in 2016, the organisation said part of its ongoing plan was to carry out “significant decommissioning of current IT systems,” something which it still seems to be contending with.
HMRC secured £268 million in the UK Government’s November 2020 Spending Review to be put towards fixing its outdated systems. The review said that the money helped “ensure core systems are secure and can support better administration,” and to help HMRC departments to “bring technology up to date”.
The systems used by HMRC include supporting businesses and individuals, such as through the employment support schemes. A failure of IT systems could have a negative impact on the UK’s entire tax system, and leave whole groups of taxpayers without financial support during the pandemic.
— Public Accounts Committee (@CommonsPAC) January 20, 2021
Meg Hillier MP, Chair of the Public Accounts Committee, commented: “Obviously, the national system of revenue collection underpins all public spending and services.
“As public spending balloons to unprecedented levels in response to the pandemic, out-of-date tax systems are one of the barriers to getting help to a significant number of struggling taxpayers who should be entitled to support. And the system is going to struggle, and in many cases fail, to capture or deal with those wrongly claiming it.
“HMRC needs to redress the balance in its spending and use of tech and get ahead on the basic financial and economic metrics that we need to adapt and respond to this pandemic in real-time.
“There is also a huge question about how our customs and revenue technology at the borders is coping and will cope in the months and years to come. There isn’t really any breathing space – HMRC’s out of date systems need to catch up fast.”