Skip nav

UK public sector remains highly vulnerable to ransomware attack

recent events have demonstrated a clear need for more cyber vigilance and it’s an on-going battle in defending the public sector against cyber crime.

• Clearswift research reveals a lack of cyber security awareness among public sector workers, with almost half unaware of ransomware
• Despite significant post-WannaCry progress, ransomware remains a key threat to local and central government
• 77% of public sector workers have been given no instruction in how to recognise ransomware, seven in 10 say there is no cyber security expert in their organisation
• Need for more awareness only heightened in light of increasing volume of Covid-19 related cyber-attacks

19 May 2020, Theale, UK – A lack of awareness among public sector employees around cyber security is leaving it vulnerable to ransomware and other forms of cyber-attack, according to new research today from data security provider Clearswift, a HelpSystems Company.

The research with 1,000 public sector employees, revealed that almost half of respondents (47%) have either not heard of, or do not know what ransomware is, with 42% not having heard of, or what two-factor authentication (2FA) is. This lack of cyber security awareness is compounded by a lack of training – 77% of respondents have been given no instruction in how to recognise ransomware, while 16% have had no cyber security training whatsoever and 13% just once.

“The public sector has seen significant developments since WannaCry but these findings suggest that there is still progress to be made,” said Alyn Hockey, VP of Product Management, Clearswift, a HelpSystems Company. “As we’ve seen the volume and variety of cyber-attacks increase, especially during the coronavirus lockdown period, it’s an on-going fight for the public sector to stay protected and constant and incremental improvements are the key to success. The right technology is important of course, but of equal value is ensuring that employees are fully aware of cyber security best practice and that the right processes are in place to mitigate the risk.”

The research, ‘The Unknown Threat – Cyber Security in the UK Public Sector’ revealed that public sector employees were not all using the most up-to-date operating systems that help defend against cyber-attacks. 11% still use Windows 7 and 6% still use Windows 8, a key area of vulnerability if those systems have not been updated with the latest patch, as was the case with WannaCry. There is also a lack of access to experts who can advise on what to be aware of regarding cyber security - 68% say there is no dedicated cyber security expert in their organisation and only 12% have communicated with a cyber security expert in the last six months.

This is all compounded by working habits that can also leave the organisation more vulnerable to an attack. These include using unsecure file-sharing systems such as Dropbox or WeTransfer at least once a day (25%); personal USB sticks at least once a week (38%); checking personal email several times a day (51%) and using unauthorised devices at least once a day (33%).
However, there was more encouraging news should a public sector employee suspect they had become the victim of a cyber-attack at work. A majority of respondents (84%) said they would know what to do if that happened.

With the coronavirus crisis bringing increased cyber-attacks alongside many public sector workers working from home, the current period is an opportune time to address security vulnerabilities. Even as we gradually emerge from the pandemic, local government and the wider public sector is under pressure to maintain public services whilst also remaining secure, so it’s right to think about how that could be achieved.

“The UK public sector has put in place many of the processes required to defend against ransomware and other cyber-attacks,” continued Alyn Hockey, Clearswift. “But recent events have demonstrated a clear need for more cyber vigilance and it’s an on-going battle in defending the public sector against cyber crime. Communicating clearly about the dangers of ransomware and updating legacy operating systems would be a great start, ahead of a broader look at overall cyber security strategies.”

The Clearswift report – ‘The Unknown Threat – Cyber Security in the UK Public Sector’ – is available to download here.



About the research
The research was conducted with 1,000 UK public sector workers in local and central government by onepoll, between 9 and 13 March 2020.
For further information, please contact:
Paul Allen / Rise PR
07515 199 487 / paul@risepr.co.uk

About Clearswift
Clearswift, a HelpSystems Company, is trusted by critical national infrastructure organisations across the globe for advanced content threat protection and the highest level of defence against breaches through today’s digital communication channels. Clearswift technology supports a straightforward and ‘adaptive’ data loss prevention solution that gives teams the freedom to securely collaborate, whilst providing information security personnel with visibility and control of sensitive information flow.