Source · Select Committees · Public Accounts Committee
Recommendation 26
26
Acknowledged
Legal Aid Agency acknowledges critical lessons learned from cyberattack response and provider burden
Conclusion
LAA acknowledged that contingency measures it put in place to keep the legal aid system going placed additional burdens on providers, and that there are several lessons to be learned from the attack. This included, ensuring senior leaders understand risks in systems, ensuring longer term business continuity plans are in place and considering the impact on staff of responding to the attack, which it said had been brutal. It also stressed the importance of consistent communication and collaboration with stakeholders to work through the response.51
Government Response Summary
The Chief Executive of the Legal Aid Agency (LAA) set out the initial lessons learned at the Committee evidence session in October 2025, including the need for senior leaders to ensure that cyber-vulnerabilities are fully understood and business continuity plans cover a long period.
Government Response
Acknowledged
HM Government
Acknowledged
6.5 The Chief Executive of the Legal Aid Agency (LAA) set out the initial lessons learned at the Committee evidence session in October 2025, including the need for senior leaders to ensure that cyber-vulnerabilities are fully understood and business continuity plans cover a long period.