Findings released by cybersecurity platform Trend Micro has exposed weaknesses in the UK public sector’s cyber defences, as 60% of IT leaders say a successful cyber-attack is “only a matter of time”.
The research, which surveyed 250 IT public sector leaders with cybersecurity responsibilities, viewed phishing as the most significant threat over the next two years (60%), followed by ransomware (41%).
The data shows that many organisations still operate reactively, with nearly one-third (31%) of respondents acknowledging that a lack of proactive threat hunting and risk management leaves them exposed.
If breached, 24% admit it would take them between one and three days to successfully identify a ransomware attack, with the average response time being one day and six hours.
When delving into the why, the research revealed that time management is a significant issue. Almost half (49%) said they are so overwhelmed with managing immediate cybersecurity threats and challenges that they don’t have enough time to spend on building a strategic cyber plan.
The absence of a strategic, cybersecurity-first culture across the broader workforce, identified by 42% of respondents, is manifesting in behaviours that heighten everyday cyber risk.
This includes employees intentionally bypassing security protocols even though they have had cyber training (47%), as well as human error (39%).
With external and internal factors worsening risks, IT leaders are beginning to rethink their approach and how technology can help bolster their defences.
By 2027, 38% plan to adopt advanced technologies, including generative AI, to improve threat detection capabilities, signalling a shift in recognition that traditional defences are no longer sufficient.
“The public sector continues to be a prime target for threat actors, from exploiting weaknesses with NHS suppliers to steal patient data, to infiltrating The British Library to capture 600GB of data,” said Jonathan Lee, UK cybersecurity director at Trend Micro.
“We don’t know if the government’s proposed ban on ransomware payments will curb such activity, and in the meantime, gangs have a steady supply of victims capable of paying up. This underscores the urgent need to make cybersecurity a priority, with more investment in culture and technologies.
“As government systems evolve, often built on legacy infrastructure, they remain vulnerable, and no organisation can afford to treat cybersecurity as an afterthought.”
Read more: LTW 25: Building AI systems accessible for all
The post New research reveals cyber weaknesses in UK public sector appeared first on UKTN.
