Organizations in the United Kingdom’s public sector face several challenges in terms of their digital security. Today, these companies must meet an increasing number of regulatory compliance obligations. GDPR likely sits near the top of UK public sector organizations’ list of responsibilities given the penalties they could incur should they fail to adequately protect EU citizens’ personal data. They must also fulfill the growing number of requirements specified under the United Kingdom’s minimum cyber security standard.

Of course, these entities don’t have unlimited budget and resources to fulfill these duties. For instance, a 2018 report published by the Joint Committee on the National Cyber Security Strategy found that the public sector in the United Kingdom lacks sufficient cyber security skills to uphold the country’s vibrant digital economy. This skills gap makes it difficult for UK public sector organizations to meet some of today’s most pressing technology challenges.

An even bigger consequence of the United Kingdom’s skills gap is that many public entities aren’t prepared for a data breach. The Advanced Annual Trends Survey 2017-18 found that almost one in four (23%) of public sector organizations are unprepared for a cyber-attack. Unfortunately, real data security incidents have already proven the validity of this finding. Chief among them was the 2017 WannaCry outbreak, a global ransomware attack which affected more than a third (34%) of National Health Service (NHS) trusts in England.

Months after the attack, the National Audit Office discovered that many NHS organizations had failed to properly safeguard their systems against a cyberattack.

The challenges discussed above have prohibited many UK public sector organizations from taking a proactive approach to their cyber security. But as it turns out, companies need this exact type of approach if they are to adequately defend themselves against attacks and data breaches. So how can (Read more...)