Despite high awareness in the public sector about cyber-security risks and the threat to national security, government officials feel that not enough attention has been placed on ensuring key “Digital by Default’ platforms are also “Secure by Default’.
Findings from a McAfee study, which surveyed 815 government employees, indicates civil servants have concerns about the security posture of priority initiatives being driven by the Cabinet Office:
- Less than third of respondents agree or strongly agree that adequate consideration is given to cyber-security within the government reform agenda
- 28% of central government respondents believe SMEs are vulnerable to cyber attacks due to their involvement in the supply chain for the delivery of government projects. This figure rises to 35% amongst those working in roles which require a high level of knowledge or some knowledge of cyber-security issues
- Only 14% of respondents feel G-Cloud gives adequate consideration to cyber-security
- A mere 13% of civil servants stated cyber-security occupies a prominent enough position in the Universal Credit Programme.
Cyber security is considered a tier one threat to national security and awareness for the potential ramifications were evident in the results with 60% of civil servants confirming cyber security is a high or top priority within their department. However, 47% believe that little or no knowledge of cyber security is needed in their positions. With more than 80% of those questioned working in central government and presumably handling highly-sensitive information, this lack of ownership and accountability could have serious ramifications.
The public sector faces a multitude of security challenges. The study found that the areas of most concern are data protection and security (36%), direct hacking attempts like DDoS attacks or SQL injections (17%) and attacks from foreign governments and criminal or terrorist organizations (14%).
Considering the negative ramifications of these types of breaches – hefty fines from the ICO, damaging news headlines, interruption of public services offered online and the safety of Britons – it comes as little surprise that these were ranked as the top three.
While civil servants do acknowledge the risk posed by cyber attacks, just over half of respondents feel an important solution to the problems caused by the lack of digital skills is to run more dedicated training courses and high-potential development programmes for specialists in this field, while 41% call for stronger specialist teams within departments.
Anecdotal responses gathered during the survey also hint that experience outside of the public sector may bring much needed cyber security expertise to government departments, with respondents saying the skills of those who have private sector experience are not fully utilized.