Securing the Public Sector 2023 | AKJ Associates Ltd | 11 September 2023 | Park Plaza Victoria, 239 Vauxhall Bridge Rd, Pimlico, London SW1V 1EQ, UK

Local authorities across the UK are experiencing an average of 10,000 attempted or successful cyber attacks every day according to freedom of Information (FoI) requests lodged with 333 county councils, district councils and unitary authorities.

As only 161 replied, this number is clearly too low. Add in other public bodies, from NHS Trusts to the DVLA and HMRC, and central government itself, and the scale of the challenge is clear.

Public sector organisations report that phishing attacks were the most common form of attack as a precursor to more impactful incidents, such as ransomware attacks. Distributed denial of service (DDoS) attacks were the second most common attempt type.

The problem is clear: governments need to digitalise in order to deliver services to citizens via the channels that we all expect, with the efficiency and timescales we now demand. But this enormous transformation comes with huge complexity and very significant risk.

Public sector organisations store and process vast amounts of sensitive data, from addresses, to tax and other payment details, to our legal and health records. They also exchange this data across systems that are already creaking with the demands placed upon them. How will these systems –and the people that run them –cope with the pressures of rapid, new digitalisation?

Even foundational cyber-hygiene is hugely problematic in such complex environments. And if moving to Cloud environments is seen as a way around legacy issues, then how can the public sector solve the challenge of visibility across such a large estate as well as avoid the problems of misconfiguration that have dogged far smaller organisations?

Perhaps most important of all, how can these entities achieve their objectives on limited budgets in the full glare of the transparency that the public demands?