Cybercrime – Not Just A Private Sector Problem
Wednesday 25th January 2012.
Last year it was estimated that cybercrime cost the UK economy £27bn. Although the lion’s share of that was borne by business (£21bn), government and the citizen were also affected by rising levels of cybercrime, at an estimated £2.2bn and £3.1bn respectively.
Typically, warnings of cybercrime have concentrated on the impact to businesses and the threat to the UK’s critical national infrastructure. Now, however, the threat has spread to local government and the NHS.
A new survey by PricewaterhouseCoopers suggests that public sector organisations now believe cybercrime is a growing threat to their data and reputation.
The report, ‘Fighting Fraud in Government’, shows that more than one in four of the 180 organisations polled worldwide expect to fall victim to a cybercrime attack in the coming year. 28% of public sector respondents believe they are likely to suffer a cybercrime attack in the next 12 months and 14% reported having actually experienced a cybercrime attack in the last year. The significant amounts of personal and confidential data held by central and local government and within the NHS mean that public sector organisations are a prime target for attack, and cannot ignore the risks.
The survey also reports, however, that although over half of public sector organisations have in-house capabilities to detect cybercrime, most don’t have the resources to investigate it and are reliant on external investigators. Nearly half of the organisations surveyed either don’t have, or are not aware of having, emergency shutdown procedures in place, which are crucial in the first few hours of a cyber-attack.
Worryingly, the statistics indicate that the most senior people within public sector organisations are still not placing enough emphasis on the importance of managing the real threats that cybercrime frauds present to their organisations, with nearly half of boards not reviewing the threat more frequently than annually.
This is an issue close to our hearts at Trustmarque as we work with a number of organisations to help improve end-user education and work with organisations in both the private and public sector to minimise the threat of cybercrime to their organisations.
We advise that public sector organisations should:
- Review how prepared the organisation is for a cybercrime attack – unlike traditional economic crime, new risks are emerging all the time which means the organisation continually needs to adapt its defensive procedures
- Get senior management involved – senior management needs to be aware of the risks to your organisation
- Understand the current and emerging cyber landscape – only then can you make well-informed decisions and do the right things at the right times
- Set up a cyber incident response team that can adapt quickly to track, risk-assess and deal with an incident as soon as it is spotted anywhere in the organisation
While the threat posed by cybercrime in the public sector is significant, technology such as data encryption, data loss prevention, protective monitoring, vulnerability management and a range of managed and Cloud-based services can provide the protection needed when combined with effective organisational control.
Data is the lifeblood of the public sector and all organisations must step up their efforts to mitigate risk and maintain data integrity. After all, the easiest way to lose public trust and reputation is if you allow your data to be compromised. If you would like to find out more about how Trustmarque can help your organisation, please contact our specialist Information Security consultants on 0845 2101 500.