Policy shortfalls put public sector cybersecurity at risk, warn 68% of UK IT leaders

Cyber Assessment Framework promises transformation, but IT leaders demand more organisational funding to move cyber from being a “tick box” exercise.

  • Thursday, 27th February 2025 Posted 1 year ago in by Phil Alsop

Findings released by Trend Micro, a global cybersecurity leader, exposes fundamental weaknesses in UK public sector cyber defences as 64% of IT leaders say they don’t have a concrete view of what best practice looks because there are too many governing bodies and procedures to follow.

The research, which surveyed 250 IT public sector leaders with cyber security responsibilities, finds that consequently, 31% admit their cyber defences are weakened by unclear internal policies, while 24% say they’re concerned this lack of best practice could directly lead to a cyber incident or data breach.

Despite several cyber initiatives existing in the UK such as, they fall short of the expectations and needs of IT leaders. Two-thirds (68%) warn that current Government policies still don’t go far enough in setting minimum security standards for delivering public services or their suppliers. Half also call out that the G-Cloud Framework “isn’t fit for purpose” in helping them choose vendors with robust cyber credentials.

The CAF: A promising initiative, only if the Board prioritises cyber

IT leaders are optimistic about the emergence of the new Cyber Assessment Framework in driving best practice and plugging some of the current weaknesses. An overwhelming 80% see it as a critical vehicle for ensuring resilience, such as by benchmarking cyber risk and helping them work with the right partners.

However, although 38% are racing to meet these standards within the next two years, there are hurdles in the way that may make the journey harder. Half of IT leaders say they are too focused on managing immediate cyber threats to develop a comprehensive strategic cyber plan (49%), while 48% lack the funds to invest in essential security awareness and training procedures needed to build a cyber-resilient workforce.

Perhaps most troubling is the revelation that cybersecurity still hasn’t earned its place at the top table. More than half (52%) of respondents report their boards still treat cybersecurity as a mere "tick-box exercise" rather than a business-critical operational concern. In response, 39% of IT decision-makers are calling for cybersecurity to be recognised as a business-critical risk with corresponding funding allocation.

Jonathan Lee, UK Cybersecurity Director, Trend Micro comments: "Recent cyber-attacks have exposed the vulnerability of our public services – from compromised streetlight systems in local councils to ransomware attacks on NHS suppliers resulting in stolen patient data and potential clinical harm to patients. The Synnovis ransomware attack, which led to thousands of cancelled and delayed blood tests, is a stark reminder that cyber incidents aren’t just about data, they have real-world, life-altering consequences. When 68% of UK IT leaders tell us Government policies fall short and over half report cybersecurity is treated as a tick-box exercise, we're looking at a systemic problem that demands urgent attention."

Hexaware Technologies launches Tensai for Reasoning Ops, a platform developing IT operations by integrating reasoning with automation to enhance...

NinjaOne expands into Japan to enhance IT landscape

Posted 2 hours ago by Katy Hill
NinjaOne is broadening its global reach by entering the Japanese market, offering enhanced support and IT integration solutions.

AI's rise in business: opportunities and challenges

Posted 20 hours ago by Katy Hill
As AI adoption grows in importance, businesses face challenges but aim for balanced, trustworthy integration.
Simon Whatley steps up as General Manager at IPCortex, aiming to develop partner relations and enhance communications solutions.
Wasabi Technologies launches a new initiative, Impact Circle, aimed at partners and MSPs to reduce emissions from cloud storage using curated carbon...

Nissan Stadium teams up with Extreme Networks

Posted 1 day ago by Sophie Milburn
Tennessee Titans partner with Extreme Networks to elevate fan experience through advanced Wi-Fi 7 infrastructure at Nissan Stadium.
Hexaware Technologies has become an Anthropic Authorised Reseller for Amazon Bedrock, expanding its portfolio of enterprise AI services.

NAKIVO expands its reach in Italy with ICOS partnership

Posted 1 day ago by Sophie Milburn
NAKIVO partners with ICOS to enhance its distribution of data protection solutions across Italy, aiming to tap into the dynamic Italian SMB and...