Over a third of public sector firms in the UK have revealed they are falling victim to 250 cyber-attacks a year.
New research by Keeper Security, has warned while digital infrastructure underpins nearly every essential public sector function from emergency services to government authorities, in an age of global political turmoil and increasing macroeconomic instability, the public sector’s digital infrastructure is a key target for cyberattacks.
The company has released its Government and Public Sector Cybersecurity Census Report which reveals that, on average, organisations in the public sector experience 44 cyberattacks each year, more than three every month, and more than a third (35%) experience over 250 attacks annually. In short, cyberattacks are becoming a weekly and, in some cases, daily threat to public sector organisations. “Given their crucial role powering critical infrastructure, these attacks present not just a threat to individual organisations, but to the nation as a whole,” the research added.
The company said cyberattacks can also damage public trust. Over a third (39%) of respondents reported they experienced reputational damage due to a successful cyberattack. In fact, 35 percent experienced disruption to their daily operations from an attack, over a quarter (29%) experienced theft of information and 25 percent had money stolen.
“With budgets under pressure, the sector can’t afford such losses—particularly when the 27 percent of those who had money stolen report the figure taken was between £500,000 and £999,999,” the report explained.
According to IT leaders, the level of cyberattacks on the public sector is only expected to grow. The vast majority (88%) expect the total number of attacks to increase and, within that, 56 percent expect the number of successful attacks to increase as well.
Darren Guccione, Keeper co-founder and CEO explained: “While the public sector is taking key steps toward building a culture of security, such as regular threat assessments, significant vulnerabilities remain. In particular, the sector must put security at the heart of transformation efforts while credential management needs to be stepped-up to plug gaps that could be exploited by bad actors. IT leaders must remain vigilant in demonstrating the value of security to their organisations. The sector must recognise that cuts to cybersecurity budgets only expose organisations to greater threats—both financial and reputational. Stronger defences, on the other hand, offer a long term return on investment by protecting against theft.”
The Census report added despite the data showing that cyber threats and breaches are poised to increase, just 29 percent of public sector organisations believe they are “very well prepared” to defend against cyberattacks:
- Only 27 percent believe they are very well equipped to deal with employees leaving the organisation with credentials that give them access to data
- Only 19 percent stated they have in place a highly sophisticated framework for visibility and control of identity security
- 38 percent said they leave it to employees to set their own passwords and access is often shared between employees
“The need for change is therefore urgent,” it added. “More than two-thirds (69%) say that the time taken to identify and respond to a cyberattack has increased in the past 12 months. However, the majority (75%) believe they currently have the right skills and solutions in place. This apparent contradiction could be due to a need for improving how skill sets and solutions are deployed to make the most of them, as well as a need for cultural changes in how cybersecurity is approached.”
It continued: “Cybersecurity is recognised as essential by leadership in the public sector, with nearly two-thirds (65%) of respondents stating it was of significant importance to their C-suite and they dedicate resources to it. This commitment from leadership appears to be having a positive effect on the appetite for change in cybersecurity approaches in the public sector, with 83 percent of organisations having invested in cybersecurity personnel in the past 12 months.”