Cyber security delays at local level, despite rising risk

The Reform think tank has claimed that the next cyber security strategy must play a more active role in enforcing standards across the country.

Coronavirus has accelerated the digitisation of public services in the UK, which while positive, poses an increased cyber risk. It has also accelerated the use of remote working tools and multi-agency working, which potentially exposes the public sector to more vulnerabilities.

The Reform think tank warns that, without sound infrastructure, investment in maintaining or updating that infrastructure, and a cyber-aware workforce, there is a threat of large scale damage both to the UK public sector and wider society.

Outlining how more needs to be done to mitigate the increasing threat, Reform says that the National Cyber Security Strategy should explore the possibility of having a yearly random cyber security audit of local public sector organisations. These should be carried out by government departments and statutory bodies in charge of cyber security policy, and would likely reveal adherence to standards at a local level, highlight reasons for non-compliance and improve knowledge of what works.

The think tank also says that the NCSC should work on a kitemark of cyber secure products to help with procurement of new technology and increase the capacity of and mandate attendance to their current cyber security training courses to anyone working in the public sector handling sensitive information.