Cybersecurity: Public Sector vs. Private Sector
Cybercriminals don’t discriminate: if you have money and/or digital data (usernames, passwords, documents, emails, etc.), you’re a target. This means both public and private sector organisations are fair game as far as they’re concerned.
Large businesses with bulging bank accounts and small businesses that lack the financial resources to deploy robust controls are obvious targets for cybercriminals. For example, 43% of cyber-attacks are aimed at small businesses, but only 14% of small businesses are prepared to protect themselves.
Public sector organisations might not be in the business of making a profit, but they are custodians of huge amounts of sensitive data and are responsible for providing vital services – making them a prime target for cybercriminals. For example, the public sector is the second most vulnerable sector when it comes to cyber-attacks, falling victim to 18% of all reported incidents.
While many of the attacks are similar, the cybersecurity structure differs between the two sectors.
Cybersecurity in the public sector
These government-funded organisations exist to provide a service to the public. However, without the pressure of profit hanging over them it can feel like there’s less at stake – despite the vital work that they do. When it comes to cybersecurity, this can manifest itself in the form of slow decision-making, inadequate training, and outdated IT infrastructures that are considered too expensive to update – heightening their vulnerability to attacks.
But the tide is turning. For example, in 2022 the UK government announced that it is investing £2.6 billion in cyber over the next three years – significantly more than the £1.9bn that was committed in the last National Cyber Strategy – with a particular emphasis on improving its own cybersecurity. This includes over £85m to combat the challenges facing local councils, helping them to improve their cyber resilience and protect vital services and data.
Specialist government agencies, such as the following, champion cybersecurity and spearhead their nation’s response to cyber-attacks:
- The National Cyber Security Centre (NCSC): A UK government agency that provides advice, guidance, and support on cybersecurity threats – including the management of cybersecurity incidents – for SMEs, larger organisations, government agencies, and the public.
- The Federal Bureau of Investigation (FBI): The lead US federal agency for investigating cyber-attacks and intrusions. Its goal is: “…to change the behaviour of criminals and nation-states who believe they can compromise US networks, steal financial and intellectual property, and put critical infrastructure at risk without facing risk themselves.”
Cybersecurity in the private sector
Businesses of all sizes across the world are exposed to an increasingly complex cyber threat environment. From malware and phishing to Distributed Denial of Service (DDoS), a barrage of multifaceted cyber risks – both internal and external – impact business continuity, intellectual property, personal and professional integrity, and reputation.
Small businesses are more exposed to rising threat levels than larger organisations with deeper pockets. A lack of financial resources means they are often unable to allocate the funding needed to reinforce their cyber defences. For example, in 2021, medium-sized companies invested over £700 million in the cybersecurity sector, large businesses invested almost £153 million, whereas smaller companies invested a significantly lower amount.
Understandably, businesses typically scale their cyber teams in line with their overall growth. As their attack surface expands so does their investment in robust cybersecurity controls that facilitate better cyber resilience – the ability of an organisation to shield itself from, respond to, and recover from a cyber-attack, data breach or service outage.
Yes, cybersecurity is inextricably linked to technology, but people are the driving force behind the development and execution of a robust cybersecurity strategy in any business. From the Chief Information Security Officer to the cybersecurity analyst, this team of experts works together to promote cybersecurity, proactively mitigate cyber-attacks, and provide robust incident response to minimise harm, assist with recovery, and learn lessons.