The Challenge of Public Sector Cyber Security

Last year represented a record-breaking year in terms of the sheer number of cyber-attacks faced by organisations in a wide range of industries across the globe. 

Both the private and public sectors faced around 18 denial of service (DoS) attacks per minute, and malware infections rose by an estimated 358%.

In the face of these constant and evolving attacks, cyber security and risk management spending is set to reach more than $150 billion (£108 billion) by the end of 2021, representing an increase of over 10% compared to 2020.2

As public sector organisations attempt to shield themselves from cyber-attacks, government policy and spending is in the process of reacting to this new landscape. In the UK alone, the government has committed to spending £1.9 billion on the National Cyber Security Strategy.3 

While facing similar threats to those encountered within the private sector, public sector organisations also face their own unique set of cyber threats and challenges. As a result, implementing an effective cyber security strategy is absolutely essential.

In this article, we’ll be looking at the unique cyber security challenges the public sector faces with the help of some real-life examples. Let’s get started.

Further reading: If you want to learn more about effective cyber security strategies within the public sector, take a look at our blog — Fundamentals of Public Sector Cyber Security

Budget constraints

We’ve already highlighted the rising cost of both cyber crime and cyber security, so it should be no surprise that public sector spending is one of the largest constraints when it comes to cyber security.

The reality is that most public services have far stricter budgets than organisations operating in the private sector. Indeed, public sector organisations are often competing against each other for a limited amount of funding, and have to deal with the added scrutiny and pressure that comes with spending public money.

As a result, IT managers in the public sector are increasingly being asked to bring in the best talent and use the latest technologies without the funding necessary to do so.

As we’ll discuss later, the cyber security sector is suffering from a massive skills gap as demand skyrockets. This means that there just aren’t enough experts to go around, and the public sector has to compete with private sector organisations who are able to outspend them in order to secure talent.

Added to this is the cyclical problem of changing public sector budgets due to government and policy changes. Effective cyber security needs to be consistent and iterative, which can be difficult when budgets and priorities constantly evolve. 

Skills gap

As highlighted above, there is currently a significant skills gap in the UK cyber security sector.

For example, the most common cyber security qualification is the Certified Information Systems Security Professional (CISSP) accreditation. However, only 19% of cyber firms have any CISSP-accredited staff. This shortage of skilled workers has left 653,000 organisations in the UK with a basic cyber skills gap, and 408,000 organisations with an advanced cyber skills gap.4

This skills gap has already impacted the public sector, with only 13% of Local Authorities using cyber crime insurance, and more than half of all public sector workers lacking basic cyber security skills, such as the ability to recognise ransomware or an understanding of what two-factor authentication is.5

Even as more cyber skilled workers enter the job market, public sector funding is increasingly insufficient to attract those workers away from higher-paid jobs in the private sector.  

Current staff need to be trained and upskilled, while IT managers are increasingly expected to shoulder security responsibilities. The result of this is ultimately heavier workloads, increased responsibilities and stretched resources.

Man typing cyber secure password into iPad

Heightened scrutiny

Unlike their counterparts in the private sector, public sector organisations and local government departments have to justify any increases in spending to the general public. 

The reality is that cyber security spending is not a priority in comparison to healthcare, policing, and other vital public services.

For example, the UK spent £44.6 billion on the military in 2020/21 alone, compared to £1.9 billion on the National Cyber Security Strategy, despite the disastrous consequences a successful cyber-attack and data breach can have.6 

In 2017, more than 60 NHS trusts were hit by WannaCry ransomware. In some cases, these trusts were rendered vulnerable to WannaCry because their Windows operating systems were more than 15 years old and no longer updated or supported by Microsoft.7

Unfortunately, public spending on cyber security is still not high profile enough to register with most voters as a genuine necessity, keeping cyber security budgets low despite the potential consequences for public services in the event of a successful cyber-attack.

High stakes

Following on from the point above, despite not getting a level of funding comparable to the risk, cyber security breaches in public sector organisations can have enormous consequences. 

Local Authorities were responsible for half of all data breaches recorded in the UK in 2020, and public sector bodies receive more Information Commissioner’s Office (ICO) security compliance-related fines than any other type of organisation.

Local Authorities hold vast amounts of sensitive data, but don’t always have the budgets, training, or expertise required to secure that data properly. 

The public sector also faces cyber threats from hostile states. In recent years, it has been reported that the UK has been the target of a Russian attempt to steal coronavirus vaccine research, and a Chinese attack on Microsoft Exchange servers.9

Political cyber activists, or hacktivists, including the group known as Anonymous, have previously targeted public sector organisations with DDoS attacks and social media profile takeovers, causing major disruption and political embarrassment. 

Since any attack against a public sector organisation has a severe impact on the government’s ability to offer services, from healthcare to emergency services, the cyber security stakes for the public sector are always high. 

Six Degrees can help

Market-leading cyber security providers like Six Degrees represent a viable solution to the unique challenges faced by public sector organisations.

By partnering with Six Degrees, Local Authorities, NHS Trusts, police departments, and a range of other public sector organisations can overcome the current cyber security skills gap with the help of highly trained industry experts.

Six Degrees offers a range of flexible cyber security solutions, including:

  • Fully managed full-coverage threat detection and response that provides public sector organisations with a 24×7/365 managed detection and response service.
  • Support for the digital transformation of government services with expert consultation and advice throughout the cloud adoption process. 
  • Full compliance advisory and consultation services to reduce the frequency and amount of GDPR breaches and fines.
  • Fully managed secure and mature cloud services that allow Local Authorities to implement secure remote working conditions with full endpoint protection. 
  • Next-generation penetration testing services that allow public sector organisations to identify and resolve vulnerabilities and common vectors of cyber-attack quickly.  
  • As a Managed Security Service Provider (MSSP), Six Degrees can deliver comprehensive end-to-end cyber security services that protect all of an organisation’s assets.

To find out more about the services Six Degrees offers and how they could revolutionise your organisation’s approach to cyber security, contact us today.

Suggested reading: For advice and insights on explaining the value of cyber security to the board, check out our free resource — Board Presentation Toolkit: Cyber Security and Threat Management

A skyline view of city

Subscribe to the newsletter today

Related posts

Planning for the Future of Cyber Security Today

Planning for the Future of Cyber Security Today

Planning for the Future of Cyber Security Today…

Fundamentals of Public Sector Cyber Security

Fundamentals of Public Sector Cyber Security

Unprecedented events have forced the world as we…