Amid a rapidly evolving cyber threat landscape, the public sector faces urgent challenges, requiring enhanced technology and heightened employee awareness.
The cyber threat landscape is evolving. With the UK currently the third most targeted country in the world for cyber-attacks, our public sector must adapt – and adapt now.
Public sector technologies must evolve rapidly to meet new challenges, and employee awareness must be brought up to a new standard, as attackers exploit vulnerabilities in systems integral to national security and public services.
By placing strategies for resilience at the top of the agenda, investing in both safer technologies, and workforce readiness, the UK has an opportunity to lead the way, instead of falling behind.
Why cyber security should be a critical priority in the public sector
Public sector organisations are at the frontline; delivering essential services, managing critical infrastructure, and safeguarding sensitive citizen data. Such services cannot afford disruption or serious breaches. Nationally significant cyber incidents have increased by an alarming 50%. Severe cases have tripled this year alone.
A new generation of sophisticated cyber operations targeting public infrastructure is undermining vital trust in digital systems. One example is the attack by INC Ransom on NHS Dumfries and Galloway, in which three terabytes of data containing confidential patient and staff information was stolen and exposed, leaving many concerned about the possible exploitation of that data.
As Richard Horne, CEO of the UK’s National Cyber Security Centre (NCSC), stated:
‘Critical systems and services make attractive targets for hostile states and malicious actors in cyberspace. They are increasingly using our technology dependence against us, seeking to cause maximum disruption and destruction. In the past year, we have seen crippling attacks against institutions that have brought home the true price tag of cyber incidents.’
Indeed, the security of critical infrastructure such as energy, transportation and healthcare is a pressing concern, as advanced persistent threat groups increasingly target these sectors.
The solution lies in a combined approach of workforce readiness and technological resilience:
Address human vulnerabilities
We know that there has been substantial investment into cybersecurity, with £2.6 billion committed in the government’s 2021 Cyber Security Strategy. So, why do incidents not only persist, but continue to rise?
No amount of investment will be enough while the workforce still opens the door to threats. Yet, in the face of immense risk, a shocking 83% of public sector organisations have not provided basic cybersecurity training to their workforce.
The resultant gap in organisational defences is only exacerbated by hybrid working models in more than 80% of organisations. Remote access provides attackers with an easier route to success.
With work activities taking place across many environments including home and travel networks, as well as ‘third spaces’, such as cafes and restaurants, it should perhaps be no surprise that 4 out of 10 people have had their information compromised whilst on public Wi-Fi.
It is time to upskill public sector employees in earnest. Training tailored for the public sector context will equip the workforce to identify and respond to cyber threats. Focus these efforts on frontline staff who often serve as the first line of cyber defence. Simulations such as mock phishing exercises, can strengthen awareness and readiness for cyber incidents.
Strengthen technical security
On the stage of digital transformation, organisations must now place security at the core. Here are the key tactics the public sector can utilise for watertight use of new technologies:
- Secure digital transformation – Secure-by-design’ principles ensure systems are resilient against emerging threats. You may also embed technologies that enhance everyday security across your workforce, such as Microsoft Copilot, which can help spot phishing, keep antivirus and malware in shape, as well as reinforce employee best practices such as strong password protection.
- Lifecycle management – To ensure that systems remain secure long after deployment.
- Threat detection – Adopt advanced analytics and AI tools to detect anomalies and respond proactively.
- Public-private partnerships – Collaboration with technology providers, such as Microsoft, can accelerate the adoption of robust cybersecurity measures.
The way forward
Building resilience across public sector services must be an urgent priority. By embracing these tactics, the public sector can win by integrating technological resilience with workforce readiness.
From embedding security into new systems, to fostering a culture of cyber awareness among employees, resilience requires a collective effort.
As Richard Horne aptly stated, ‘without coordinated global action, the gap between escalating threats and our ability to defend will only widen.’
UK Public sector organisations must lead the way in adopting proactive measures, leveraging international partnerships, and investing in both technology and people to secure the services that societies depend upon.
By prioritising cybersecurity, public sector leaders can safeguard the continuity of essential services while reinforcing trust in digital governance.
Ready to strengthen your workforce resilience to global cyber threats?
Discover how QA and Microsoft’s cybersecurity training can equip your team with the skills needed for a future-ready public sector.
Secure the safety of the public sector with Microsoft skills