The recent report update to the National Cyber Security Programme has made good progress in understanding sophisticated cyber threats but highlighted concerns surrounding a “varied understanding of threats to wider public services.”
The findings from this correlates with evidence from Databarracks’ recent Data Health Check survey of over 400 IT professionals in the UK, which reported that public services were the group most likely to have been hit by a cyber threat. 46 per cent of organisations surveyed reported an incident in the previous 12 months. To give that some perspective, that compares to 42 per cent of financial organisations and only 30 per cent of technology organisations.
Arean therefore states it is imperative initiatives designed to address cyber security are more widely communicated:
“It’s not surprising that central government is leading the public sector in terms cyber security practices. For large public bodies or even private businesses, the risk is higher, and they are the organisations with the resources to be able to protect themselves. For smaller organisations or departments, they have less resources and it has perhaps been less of a priority until now. The growing risk of a cyber attack means we’re at a point now where we all need to be prepared. Organisations of all sizes need practical advice on how to protect themselves.
“To address this, the government already has a great tool in place to solve this issue – the Cyber Essentials Scheme. The scheme has only recently been launched and isn’t mentioned in great detail in the report but it’s specifically designed to help organisations protect themselves against the UK’s most common cyber attacks. It solves a specific issue for private sector SMEs who may not have any dedicated IT staff, but actually it is equally valid for public sector organisations.
“We expect to see a big increase in the uptake of the scheme in the coming months as it becomes a prerequisite for companies tendering for public sector projects. If the government can successfully promote the scheme to those wider public services outside Whitehall, then not only will it improve understanding and awareness of cyber security, it will also be delivering value for money by extending the principles of the existing scheme from the private to the public sector.
“If it’s a good idea to make private sector suppliers to the government meet the Cyber Essentials security standard, then surely it’s an equally good idea to ensure our public services have the same level of protection from cyber attacks,” concluded Arean.