Private companies aren’t the only target for cyber criminals. As we’ve seen in the past with attacks to major public infrastructure, such as the Colonial Pipeline in the US in May 2021, and public services, like the Wannacry attack on the NHS in 2017, threat actors are not afraid to target governments. 

A reason for this is because they are often considered ‘soft targets.’ Governments – national and local – are highly bureaucratic which makes them very slow moving. Not only do they need to comply with different policies, but they also need to consider the politics of any decisions they make. This can hamper preparations around cyber security and make them slow to respond when an incident occurs. 

The public sector also has tighter budgets than most large private companies. And because of the many different costs they need to balance to keep the country, state or city running, it’s not unusual that cyber security gets pushed down the list of priorities. In the current economic climate, these budgets are likely to get even tighter.

Preparation is crucial for the public sector

However, cyber attacks on the public sector can cause major havoc, arguably more than when private companies are hit. If a power grid is targeted, then this has a knock-on effect on hospitals, transport and individuals who need light and electricity. Or if the government payments system is hit, then welfare payments (such as pensions or disability allowances) will go unpaid to those who really need them. 

As a result, governments need to invest in their cyber security systems and processes. Here are a few things they should consider: