The threat of cyber-attacks is growing. The UK is now the third most targeted country [1] for these attacks globally, which puts our public sector under significant pressure to adapt - urgently.
From safeguarding sensitive data to protecting critical public services, the stakes are high. Modern cybercriminals are exploiting weaknesses in both technology and people, targeting systems essential to national security and public welfare.
This means two things:
- Our technology must be more secure.
- Our people must be better prepared.
By making resilience a top priority, through investments in safer systems and better training for staff, the UK can not only defend itself but set an example on the global stage.
Why cybersecurity matters for the public sector
Public sector organisations deliver vital services like healthcare, transportation, and social support. They also protect sensitive data about citizens. A successful cyber-attack could cause major disruptions, erode public trust, and even jeopardise lives.
The numbers are alarming:
- Cyber incidents impacting national infrastructure have risen by 50% [2].
- Severe attacks have tripled in just one year.
Cyber criminals are getting more sophisticated. They are constantly adapting to the changing technological environment, as well as harnessing it to develop new tactics; artificial intelligence and machine learning have enabled attacks to be more precise and harder to detect. Refined, self-changing malware can evade detection by traditional security systems, and ransomware attacks are becoming more targeted with higher ransom demands.
A striking example is the ransomware attack on NHS Dumfries and Galloway [3], where three terabytes of sensitive data were stolen and leaked. This incident exposed the vulnerability of critical public services, sparking serious concerns about the misuse of private information.
Richard Horne, CEO of the UK’s National Cyber Security Centre, warns: "Critical systems and services make attractive targets for hostile states and malicious actors in cyberspace. They are increasingly using our technology dependence against us, seeking to cause maximum disruption and destruction."
This new generation of sophisticated cyber-attacks on public infrastructure is weakening the trust we place in digital systems. With sectors like energy, healthcare, and transportation increasingly under attack from advanced persistent threat [4] groups, it’s clear we need urgent action.
A two-part solution: People and technology
1. Strengthen Workforce Awareness
Despite the government’s £2.6 billion investment [5] in cybersecurity, incidents keep rising. Why? Because even the best technology won’t help if employees unintentionally open the door to attackers.
Shockingly, 83% [6] of public sector organisations have not provided their staff with basic cybersecurity training. What’s more, the rise of hybrid working has increased the threat to cybersecurity. Employees accessing systems from home, cafés, or public Wi-Fi give attackers easier access, so it comes as no surprise that 4 in 10 [7] people have had their personal information compromised whilst using public Wi-Fi.
To reduce risks:
- Provide staff with tailored cybersecurity training, particularly frontline workers who are the first line of defence.
- Conduct regular simulations, such as mock phishing exercises, to boost awareness and readiness.
2. Adopt Safer Technology
Digital transformation in the public sector must have security at its core. Here’s how:
- Secure by Design: Build systems with security in mind from the start. Tools like Microsoft Copilot can help bolster everyday security by detecting phishing and promoting secure practices like strong passwords.
- Lifecycle Management: Ensure that systems remain secure through regular updates and maintenance.
- Threat Detection: Use advanced tools like AI to spot and respond to suspicious activities.
- Public-Private Partnerships: Collaborate with experts, like Microsoft and QA, to strengthen defences.
A call to action for leaders
Senior civil servants, policymakers, and advisors play a pivotal role in championing cybersecurity initiatives. By prioritising investments in both technology and workforce development and by fostering a collaborative culture of continuous learning and vigilance, we can strengthen our national cyber resilience.
From embedding security into new systems to fostering a culture of cyber awareness among employees, resilience requires a collective effort. UK public sector organisations must lead the way in adopting these proactive measures, as well as leveraging international partnerships.
As Richard Horne puts it: “Without coordinated global action, the gap between escalating threats and our defences will only grow.”
In conclusion, as cyber threats continue to evolve, so must our strategies to counter them. A unified approach that combines advanced technological solutions with a well-prepared workforce will be instrumental in safeguarding the UK's public sector and, by extension, the people it serves.
References
1. https://committees.parliament.uk/committee/135/science-innovation-and-technology-committee/news/198084/how-resilient-is-uk-critical-national-infrastructure-to-cyberattack/
2. NCSC CEO’s speech to mark the launch of the NCSC Annual Review 2024
3. NHS Dumfries & Galloway hackers unlikely to be convicted - police - BBC News
4. What Is APT (Advanced Persistent Threat)
5. https://www.gov.uk/government/publications/national-cyber-strategy-2022/national-cyber-security-strategy-2022
6. Cyber Security Breaches Survey 2022 - GOV.UK
7. The Risks Of Public Wi-Fi – Forbes Advisor