Public sector struggling to face cybercrime challenge, according to new polling

Public sector organisations lack the resources to face the evolving cybercrime threat, exclusive polling by Holyrood magazine has revealed.

Gathering over 50 responses, more than two-thirds of public sector technology leaders said they worried about cyber-attacks daily, and almost half – 48 per cent – revealed they had suffered a cyber-attack in their workplace.

However, four out of ten believed their organisations didn’t have enough funding dedicated to cybersecurity, and more than two-thirds said support from central government in this area is insufficient.

For the last decade, cybercrime has been on the radar of public sector organisations, with advancements in technology opening up opportunities for criminals to cause harm and remain undetected. 

Yet, north of the border, it was not until December 2020, when the Scottish Environment Protection Agency (Sepa) suffered a breach, that the importance of cybersecurity was fully realised. The attack crippled Sepa's operations, with stolen data amounting to 1.2GB, costs adding up to £5.5m, and the agency taking over a year to rebuild its systems. 

More than three-quarters of those surveyed by Holyrood said their organisation had either made “some” or “significant” improvements to their cyber strategy since the incident, and a majority of respondents – 90 per cent – now regarded cybersecurity as a priority.

However, two out of 10 said they still do not feel their organisation is very prepared in the event of a cyber-attack, suggesting there is still a gap to close.

Speaking to Holyrood, chief executive of the Cyber Centre of Excellence Kurtis Toy highlighted how cyber resilience is what will prevent organisations from getting knocked out by attacks.

“An important part of cyber resilience is your back-up plan and technologies. So, your business continuity plans – what to do when it all goes wrong. I cannot emphasise enough how important this is.

“Everybody needs to plan to fail. Because if you haven't already got a plan and things go wrong, it's very difficult to implement one after, particularly in larger organisations.”

Toy added: "I think a lot of people assume that because we rely on Microsoft so much, it's almost unimaginable to have no access to it. But we have to imagine that so that we can put the controls in place to ensure it stays unimaginable."

The polling also revealed it took 13 per cent of respondents more than five months to get back to normal following an attack. And, when it comes to local councils, any potential threat and prolonged handling of it becomes a matter of public security. Given the wealth of information they hold including such as council tax or social care data and the services they support, any breach could “impact somebody's health and wellbeing”, Beverly Bowles, head of cyber at ScotlandIS told Holyrood.

With a general election expected to happen within the next year, Toy also pointed to “integrity of information” as the key area local authorities must look out for.

He said: “Councils need to be thinking about how to make sure that the information they're holding on servers about the election is true as it will be possible for state-sponsored attacks to come in. And rather than ransomware, delete or block the information, what if they just changed it? Would the councils know? How would they know?”