Public bodies take six months or more to recover from cyberattacks, research finds


Study from PublicTechnology sister publication Holyrood finds that about half of Scottish public bodies have suffered a successful attack, with about four in ten concerned about a lack of funding

Public sector organisations lack the resources to tackle the evolving cybercrime threat, exclusive polling by PublicTechnology sister publication Holyrood has revealed.

Gathering over 50 responses, more than two-thirds of public sector technology leaders said they worried about cyberattacks daily, and almost half – 48% – revealed they had suffered a successful attack.  The polling also revealed it took 13% of respondents more than five months to get back to normal following an attack.

However, four out of ten believed that their organisation does not have enough funding dedicated to cybersecurity, and more than two-thirds said support from central government in this area is insufficient.

The scale of the threat was brought into focus in late 2020 when the Scottish Environment Protection Agency suffered a breach. The attack crippled the regulator’s operations, with stolen data amounting to 1.2GB, costs adding up to £5.5m, and the agency taking over a year to rebuild its systems.


Related content


More than three-quarters of those surveyed by Holyrood said their organisation had either made “some” or “significant” improvements to their cyber strategy since the incident, and a majority of respondents – 90% – now regarded cybersecurity as a priority.

However, two out of 10 said they still do not feel their organisation is very prepared in the event of a cyberattack.

Speaking to Holyrood, chief executive of the Cyber Centre of Excellence Kurtis Toy highlighted the importance of resilience.

“An important part of cyber resilience is your back-up plan and technologies. So, your business continuity plans – what to do when it all goes wrong. I cannot emphasise enough how important this is,” he said. “Everybody needs to plan to fail. Because, if you haven’t already got a plan and things go wrong, it’s very difficult to implement one after, particularly in larger organisations.”

With a general election expected to happen within the next year, Toy also pointed to “integrity of information” as a key area local authorities must look out for.

He said: “Councils need to be thinking about how to make sure that the information they’re holding on servers about the election is true as it will be possible for state-sponsored attacks to come in. And rather than ransomware, delete or block the information – what if they just changed it? Would the councils know? How would they know?”

A version of this story originally appeared on PublicTechnology sister publication Holyrood

Sofia Villegas

Learn More →

Leave a Reply

Your email address will not be published. Required fields are marked *