Skip to content
All posts

Why is the Public Sector Struggling to Prevent Cyber-Attacks?

The public sector is one of the most vulnerable sectors to cyber-attacks.

A crippling attack on any major public sector organisation is a real risk for the future. But, if these organisations are so important and vital, why is the public sector struggling to prevent these cyber-attacks?

Public sector and cyber attacks

The integration of technology in the public sector is a huge step forward for an industry that can often be seen to drag its feet when it comes to digitising and technology. Despite the importance, and well, vitality of collaborating with technology to future-proof and secure data, there comes a risk with transitioning from paper to digital and maintaining its security.  

From ransomware attacks on the NHS to cyber-attacks on parliamentary email accounts, it’s safe to say it’s been a busy few years for cybercriminals. As highlighted in the Cross-Government Fraud Landscape Annual Report 2022, detected fraud and error rose from £310m in 2019/20 to £525m in 2020/21.

Every service that stands across the public sector could lose valuable data that is vulnerable to criminals. From patient records to high-value research from universities and even sensitive information shared by government officials. In this digital era, it’s critical every single organisation makes cyber-security a top priority.

Common Types of Public Sector Cyber-Attacks

The UK is estimated to be the third most targeted country in the world for cyber-attacks, with 32% of businesses and 24% of charities overall identifying a breach or attack from April 2022 to April 2023. The public sector itself remains a key target for cyber attackers looking to illegally gain information, disrupt services or attack services for monetary gain. here are some of the common types of cyber-attacks the public sector faces.


Malware, or "malicious software", refers to malicious software designed to harm or exploit any programmable device, service or network. There are many types of malicious attacks or programs that can come under this term, these include;

Computer Virus - The most common type of malware. A computer virus is a type of malware that spreads between computers and causes damage to data and software. A user can acquire a virus through a number of different ways including email attachments, corrupt files or accidentally downloading one online.

The severity of a virus can vary from slowing down a program or computer to completely bricking a computer, making the user unable to access it or retrieve files. Having a sufficient antivirus programme is vital to ensuring you protect yourself and your organisation from virus attacks.

Trojan Horse - A trojan horse virus (also called a trojan) is a piece of malware that disguises itself as a legitimate program or file, which the user downloads onto their device, giving the hacker control of the system.

The hacker may use social engineering to appear legit to their victim, such as impersonating a manager or colleague through email, which the victim may then click through, allowing the trojan horse virus into the system. With access to the computer or system, the hacker can steal information, lock the user out of their own system or disrupt the system, shutting it down and allowing no one to access it.

Ransomware - Ransomware refers to malware that blocks access to a user's data or device, only granting access if a ransom is paid, typically a monetary sum. It's suggested that 1 in 3 cyber incidents reported to the Information Commissioner's Office (ICO) is ransomware.

Recent ransomware attacks in the public sector include an attack on the Greater Manchester Police (GMP), which saw more than 12,500 officers and staff being put on alert that their private data may have been compromised in a hack. Hackers using ransomware may gain access to the victim's device in similar ways to a trojan horse virus, disguised as a legitimate email or gaining access using the user's personal data via other means.

Spyware - Spyware refers to any type of malware used to collect personal information and gather data without your consent. This may come in the form of a trojan horse virus and whilst similar to ransomware, the hacker typically would not reveal themselves to the user, choosing to remain undetected whilst they gather the data. Potential spyware was suggested to have been identified in the Pegasus Attack which targeted both the prime minister’s office and the Foreign Office.

Spyware is especially important to identify in the public sector, as it concerns national security if a hacker were to gather information on high-ranking officials or cyber security defences. Want to further protect yourself against malware and other cyber-attacks? Here are 5 tips to counter fraud in the public sector.

Common Types of Public Sector Malware (1)


Phishing refers to a form of social engineering where the hacker gets the victim to reveal personal or sensitive information. While phishing can often involve malware, such as a trojan horse virus, the hacker may simply opt to disguise themselves as someone legit that the victim may know, such as a colleague or manager, tricking the victim into replying to a fake email or text with personal information.

Public sector organisations themselves are often impersonated by hackers, with the National Cyber Security Centre (NCSC) suggesting that the NHS, TV Licensing and HM Revenues & Customs ranking among the top impersonated organisations reported to the Suspicious Email Reporting Service  (SERS). Concerned hackers may have access to your information? Here's how to effectively manage your records and Information.

DDoS Attack

A distributed denial-of-service attack (DDoS or DoS) refers to an attack where the attacker overloads a system, often through an internet connection, rendering the system inaccessible. The motive of a DDoS attack can vary, from individual hackers looking to spread political messages to large groups of hackers looking to undermine a system for other means. In 2021 UK phone providers were targeted by DDoS attacks, with the hackers looking for a ransom. As highlighted by the NCSC, having a plan to identify and counter DDoS attacks is vital to protect your systems and your users, read their further guidance here.

So, Why is the Public Sector Struggling to Prevent Cyber-attacks?

1. Budget constraints

Universal across all public sector services; IT managers are increasingly finding themselves tasked to do more with less. As a result of the budget cuts, basic data security measures are being missed. The most high-profile example of this is the WannaCry attack that crippled the NHS and was able to spread due to a failure to patch a known exploit.

Cultural change is needed amongst employees at every level to ensure a stop to preventable cyber-attacks. This could mean a number of things including updating systems regularly and being aware of suspicious emails and links.

2. Skills gap

The cybersecurity skills gap in the public sector is widening due to the rapid transition from paper to digital. 

A complete overhaul in how cybersecurity talent is developed should play a key part in defending the public sector from cyber-attacks. But we must also focus on skills building now to provide immediate prevention or at least decrease the risk of breaches in the meantime.

Having data skills can give you an insight into how important basic cybersecurity is to any organisation. Here are 6 reasons why everyone should learn data skills - not just project managers.

Strategy and planning pillar page blog link

3. The misconception

Many organisations see cybersecurity as an unnecessary cost, with minimal return on investment. This is an oversight, especially for public sector organisations looking to minimise costs. When you consider that a medical record is worth 10 times as much as a credit card number on the black market, it’s no surprise that the Identity Theft Resource Center's end-of-year data breach report shows that 34.4% of all breaches worldwide are hitting the healthcare industry.

The industries most vulnerable to cyber-attacks are:

  • Small businesses
  • Healthcare institutions
  • Government agencies
  • Energy companies
  • Higher education facilities

Not only is there a cost associated with data breaches but they can bring about lawsuits and regulatory penalties as well as a compromise not only patient data but patient care.

Research by Palo Alto Networks found that the NHS could save an estimated £14.8 million annually when investing in cybersecurity, enough money to employ an additional 150 doctors and 250 nurses. Cybersecurity should be viewed as an enabler to allow operations to not only become more agile but also save money.

Steps are being by the government taking to combat cyber-attacks with the government's new fraud strategy aiming to cut fraud by 10%. Action will, however, also be taken on an individual and an organisational level to combat the continued rise in cyber-attacks.

Learn How to Prevent Data Breaches with our Masterclass

From developing a better understanding of what the law says to prevent breaches, attend our half-day Masterclass to gain a full set of data breach handling skills to avoid legal penalties from the ICO. Secure your place today.

strategy & planning training courses cta button

Chloe Martin
Content Editor

2+ years in SEO and content marketing. Striving to help public sector professionals develop their skills and learn something new through high-quality content.