His Majesty’s Revenue and Customs (HMRC) has blocked over 100 million malicious emails in the past three years, as cyber threats against UK government services continue to escalate.
The data was obtained through a Freedom of Information (FOI) request, where HMRC disclosed detailed figures on the volume of malicious emails blocked from November 2021 to September 2024.
Data rise in cyberattacks
The data shows a sharp rise in cyberattacks, highlighting the growing threat to the UK govt favours
The data shows a sharp rise in cyberattacks, highlighting the growing threat to UK government services. According to new data obtained, HMRC blocked 23,751,742 email attacks between November 2021 and October 2022.
This figure surged to 40,346,532 between November 2022 and October 2023, followed by 40,903,820 blocked emails from November 2023 to September 2024. Overall, HMRC has blocked 105,002,094 emails in the past three years.
Cyber resilience strategy
Andy Ward, SVP International, Absolute Security, commented: “These numbers show just how relentless cybercriminals are when it comes to targeting government institutions. Email remains one of the main ways attackers try to break into systems—whether through malware, spam or other tactics designed to exploit vulnerabilities.”
“To tackle these threats effectively, organisations need a strong cyber resilience strategy. This means real-time monitoring of systems, advanced threat detection, and the ability to act fast when something goes wrong. Security teams need to be able to isolate and shut down compromised systems immediately to stop attacks from spreading. With cyber threats becoming more sophisticated, having the right tools and defences in place is more important than ever to protect the UK’s Government Departments.”
Evolving cyber risks
HMRC has proved that changes to its email security systems mean it can no longer order email threats
Despite these increasing threats, HMRC has confirmed that changes to its email security systems mean it can no longer categorise email threats by type, such as phishing, malware, or spam. This shift in technology makes it more challenging to assess the evolving cyber risks faced by the department.
Sawan Joshi, Group Director of Information Security at FDM Group, commented: "HMRC’s efforts to block malicious emails show the relentless nature of cyber threats, highlighting the need for robust security measures and a highly skilled workforce."
Implementing the right technology
Joshi added: "Protecting critical systems isn’t just about implementing the right technology—it’s about having the right expertise in place."
"Employees must be equipped with the necessary skills to not only detect and respond to threats but also to communicate risks effectively and strengthen business resilience. For organisations, investing in upskilling staff in cybersecurity training is critical."
Learn why leading casinos are upgrading to smarter, faster, and more compliant systems
