Some public sector IT staff with cyber security responsibilities admit their cyber defences are weakened by unclear internal policies, or say they’re concerned with a lack of best practice which could lead to a cyber incident or data breach, according to a survey of 250 in the field by Opinion Matters, for the cyber firm Trend Micro.
Despite several cyber initiatives in the UK, they fall short, according to IT people in healthcare and the public sector generally. Two-thirds (68pc) warn that Government policies still don’t go far enough in setting minimum security standards for delivering public services or their suppliers. Half feel that the G-Cloud Framework (whereby cloud hosting, software and support vendors have applied to sell their services to UK public sector bodies) “isn’t fit for purpose” in helping them choose vendors with good cyber credentials.
Those in IT surveyed say that they are optimistic about the emergence of the UK’s official new Cyber Assessment Framework in driving best practice and plugging some of the weaknesses. Most, 80 per cent see it as a critical vehicle for ensuring resilience, such as by benchmarking cyber risk and helping them work with the right partners.
However, although 38pc are working to meet these standards within the next two years, hurdles in the way may make life harder. Near half of those surveyed say they are too focused on managing immediate cyber threats to develop a strategic cyber plan (49pc), while 48pc lack the funds to invest in essential security awareness and training procedures needed to build a cyber-resilient workforce.
The survey suggests that cybersecurity still hasn’t earned a place at the top table. More than half (52pc) of respondents report their boards still treat cybersecurity as a mere “tick-box exercise” rather than a business-critical operational concern. Some 39pc of IT decision-makers are calling for cybersecurity to be recognised as a business-critical risk with corresponding funding allocation.
Comment
Jonathan Lee, UK Cybersecurity Director at Trend Micro says: “Recent cyber-attacks have exposed the vulnerability of our public services – from compromised streetlight systems in local councils to ransomware attacks on NHS suppliers resulting in stolen patient data and potential clinical harm to patients. The Synnovis ransomware attack, which led to thousands of cancelled and delayed blood tests, is a stark reminder that cyber incidents aren’t just about data, they have real-world, life-altering consequences. When 68pc of UK IT leaders tell us Government policies fall short and over half report cybersecurity is treated as a tick-box exercise, we’re looking at a systemic problem that demands urgent attention.”
Visit www.TrendMicro.com.
