FINAL WORD

When the majority of public sector organisations have relocated to the same public cloud hyperscaler and adopted identical security postures , it is inevitable that a breach at one organisation will be repeated in others .

While the UK ’ s public sector is on the front line of a global escalation in cyberattacks , the number of breaches to service disruption , data loss and additional costs to rebuild and restore systems are unacceptable and unnecessary .

A lack of expertise , insufficient procurement rigour and a herd mentality have led to over-reliance on a handful of vendors , ubiquitous infrastructure models and identical security vulnerabilities that are quickly and easily exploited .

Budgets are adequate . Better , more affordable and secure technologies are mature and proven . It is the broken tender process that is fundamentally undermining innovation and exposing the public sector to devastating security risk .

There is no doubt that the UK ’ s public sector organisations are facing an evergrowing security threat . Alongside public bodies in every developed country , state-sponsored attacks are designed to undermine the delivery of essential services . And the cost to recover from these cyberattacks is devastating , with councils spending millions to recover from ransomware attacks in recent years .

The ever-rising threat level is , however , just one part of the story . While public sector bodies are prime targets due to the level of sensitive data held , the impact of attacking critical infrastructure and the appeal of targeting a high-profile organisation , not every public body is enduring repeated downtime as a result of breaches .

Nor does a single hack automatically affect every part of the organisation , to a disruption of vital services for days , even weeks . So , what differentiates those organisations , such as Bexley Council and Bedford Council that have a good cyber security track record , from the rest ?

And , critically , what is the best way to propagate best practice throughout the public sector to mitigate risk ?

The issue is not budget . The public sector may constantly claim a lack of funding but money is not the root cause of inadequate security or inconsistent service delivery . The problem is how that money is spent . Despite attempts to improve the rigour of public sector IT investment , the current tendering process is fuelling misdirected and excessive spend .

In theory , an open tender model should ensure that money is well spent . It should guarantee the service is delivered by the best provider .

In reality , the vast majority of contracts are allocated to the same handful of large organisations . Which would be fine , if the services delivered were top quality , highly secure and fairly priced . They are not . The public sector is routinely charged three times as much as the private sector for equivalent IT deployments .

In addition to this endemic overspending , the reliance on a small number of vendors radically increases the security threat due to the ubiquity of infrastructure models . When the majority of public sector organisations have relocated to the same public cloud hyperscaler and adopted identical security postures , it is inevitable that a breach at one organisation will be rapidly exploited and repeated in others .

The current tender process lacks rigour . Given the continued security breaches , why

INTELLIGENT TECH CHANNELS 73