Why UK public sector IT chiefs shouldn’t shrug off breach threats

The kind of data held by public sector organisations could lead to serious harm if it’s exposed to cyber-attacks…

Gary Luther


Throughout the UK, companies from every industry are being forced to rethink the way that they handle security and privacy. In an age of legislation like GDPR and PCI, organisations of all sizes can’t afford to take risks in the way that they manage and secure their data. However, it seems that some companies are taking the threats in the landscape more seriously than others.

A recent survey conducted by the next-gen cybersecurity brand, Sophos, discovered some significant insights into the security strategies of public sector IT leaders. According to the research, there’s a serious risk awareness gap between the CIOs responsible for protecting today’s public sector organisations, and the teams responsible for the IT frontline.

As a partner of Sophos, Nice Network takes security very seriously. We’re here to tell you why public sector organisations need to make sure that they’re not simply “shrugging off” threats.

Are public sector companies taking data seriously?

Sophos, and other digital experts believe that this significant knowledge gap is having a serious impact on IT security. One of the most worrying findings of all was that 55% of public sector IT leaders don’t see the value of their digital data. The respondents said that their organisation’s data isn’t as valuable as the information in the private sector. However, the public sector groups across the UK handle a huge amount of confidential, personal, and sensitive government information each day.

This finding indicates that today’s public sector companies don’t fully understand how crucial the information they work with is. This lack of understanding could mean that some groups are failing to put the right level of protection in place for their information – leading to a higher threat level for some companies.

The Sophos survey questioned a wide number of respondents to get its results. Some of the people who participated in the survey included C-Suite executives, and front-line IT teams within government, education and NHS environments.

What do the findings mean?

According to the UK director of Public Sector Relations for Sophos, the kind of data held by public sector organisations could lead to serious harm if it’s exposed to cyber-attacks. Sensitive data for more than 66 million UK citizens could easily become available to individuals all around the world. This includes criminals on the dark web that buy and sell personally identifiable information worldwide. There’s a large market out there for information like NI numbers, addresses, names, and other details.

The more data that criminals can mine from public sector companies, the easier it is for these malicious individuals to use that information for everything from extortion to identity theft. In the government environment, there’s even a risk that data breaches could also leak information about strategic defence for the country, including tactical plans and surveillance records. This could lead to catastrophic issues with national security.

The problems with today’s security

The research from Sophos also revealed a number of other worrisome insights. For instance, three-quarters of the senior IT leaders in the report said that their organisation had already been a victim of a ransomware attack. However, only 15% of IT practitioners were aware of the problem. Additionally, 45% of IT leaders said that there had been significant increases in security in recent years. What’s more, today’s IT leaders have also revealed that recruiting cybersecurity professionals and talent has become one of the single greatest challenges to an organisation’s IT security.

The Sophos report reveals that there’s a significant problem in the way that today’s public sector companies are addressing their security strategies. Clearly, there’s a gap in the way that security issues are perceived by different members of the IT team in the UK public sector. Whatever the reasons might be behind these problems, the end result could be that organisations aren’t properly preparing for the level of risk that their companies are actually facing each day.

Better team policies, as well as clearly defined processes will be essential for brands to maintain and ensure the security of the public sector going forward. Additionally, robust knowledge needs to be supported and complemented by security solutions that offer clear and accurate data on the number of significant threats and attacks that are actually taking place in the environment.

Is your security strategy up to scratch?

The public sector isn’t the only environment that suffers with less than ideal strategies for security and privacy. If you’re still brushing off data breaches in your organisation, or you don’t have a plan in place to protect your data, then you could be losing one of the most valuable assets that you have.

Get in touch with Nice Network today to learn more about building the perfect security strategy.