Blog

Why is the public sector struggling to prevent cyber-attacks?

Nearly one in four (23%) public sector organisations in the UK are unprepared for a cyber-attack, according to the Advanced Trends Report 2017.

The integration of technology in the public sector is a huge step forward for an industry that can often be seen to drag its feet when it comes to digitising and technology. Despite the importance, and well, vitality of collaborating with technology to future proof and secure data, there comes a risk with transitioning from paper to digital and maintaining its security.

From ransomware attacks on the NHS, to cyber-attacks on parliamentary email accounts, it’s safe to say it’s been a busy few years for the cyber criminals.

Every service stand across the public sector could lose valuable data that’s vulnerable to criminals. From patient records to high-value research from universities and even sensitive information shared by government officials. In this digital era, it’s critical every single organisation makes cyber-security a top priority.

So, why is the public sector struggling to prevent cyber-attacks?

  1. Budget constraints

Universal across all public sector services; IT managers are increasingly finding themselves tasked to do more with less. As a result of the budget cuts, basic data security measures are being missed. The most high-profile example of this is the WannaCry attack that crippled the NHS and was able to spread due to a failure to patch a known exploit.

Culture change is needed amongst employees at every level to ensure a stop to preventable cyber-attacks. This could mean a number of things including updating systems regularly and being aware of suspicious emails and links.

  1. Skills gap

The cyber security skills gap in the public sector is widening due to the rapid transition from paper to digital. Industry estimates suggest that there could be 3 million unfilled jobs in the cyber security industry by 2021.

With fewer graduates having the necessary skills the government has started to take action with initiatives such as the Cyber Schools Programme, which aims to provide young people with cyber skills by 2021.

A complete overhaul in how cyber security talent is developed should play a key part in defending the public sector from cyber-attacks. But we must also focus on skills building now to provide immediate prevention or at least decrease the risk of breaches in the meantime.

  1. The misconception

Many organisations see cyber security as an unnecessary cost, with minimal return on investment. This is an oversight, especially for public sector organisations looking to minimise costs. When you consider that a medical record is worth 10 times as much as a credit card number on the black market, it’s no surprise that the Identity Theft Resource Center’s end-of-year data breach report shows that 34.4% of all breaches worldwide are hitting the healthcare industry.

Here are the results for five industries, ranked by prevalence of breaches in 2016:

  • Business: 45.3 percent of breaches
  • Healthcare: 34.5 percent of breaches
  • Education: 9 percent of breaches
  • Government and military: 6.6 percent of breaches
  • Banking, credit or financial: 4.8 percent of breaches

Not only is there is a cost associated with data breaches but they can bring about lawsuits and regulatory penalties as well as compromise not only patient data but patient care.

Research by Palo Alto Networks found that the NHS could save an estimated £14.8 million annually when investing in cybersecurity, enough money to employ an additional 150 doctors and 250 nurses. Cyber security should be viewed as an enabler to allow operations to not only become more agile, but to also save money.

Whilst the UK government has pledged to invest £21m into the public sector’s cyber security systems, it is pivotal that escalating issues (see above) are addressed.

The Resolution

Understanding ModernGov are pleased to launch a brand new training course taking place on Thursday 28 June; Information and Cyber Security Essentials. View the full agenda here.

Learn about current cyber security threats and establish the practical steps that your organisation needs to take in order to keep information safe. Learn from best practice data and information security processes and about how you can implement these practices in your organisation.

Through practical exercises and a series of training workshops, establish how to manage the risk of a cyber-attack and mitigate the effects of a breach that does occur. Work towards developing a cyber security plan that will ensure continuity of operations within your organisation by helping to prevent, detect and respond to cyber threats and attacks.

Click here to register your place.


Does this sounds beneficial either for yourself or for a colleague? Get in touch to have a chat or make a booking. We would love to hear from you.

Contact us on 0800 542 9440 or email [email protected]. Tweet us @UModernGov

Do you have a team of staff at your organisation who would benefit from Information and Cyber Security Essentials training? We also offer this course as a highly flexible In-House training session, delivered direct to your organisation on a date to suit you. Contact our In-House Training team on [email protected] to find out more.