Many government leaders are neither informed about nor familiar with technology, according to Scott Borg, director and chief economist at the US Cyber Consequences Unit, an independent research institute.
“This leads to wrong decisions, such as investing in technology solutions that are useless, or financing research that will never produce results,” he told FutureGov.
According to Borg, leaders also often confuse the main cyber security roles government has to fulfil by having the same people or organisations perform all the roles at the same time.
These roles include helping critical infrastructure industries defend themselves against cyber attacks, protecting citizens from cyber attacks, and protecting government itself to ensure continuity and trust.
Graeme Stewart, director of UK public sector strategy at security firm McAfee, said Borg’s comments highlight a worrying lack of cyber security skills among government leaders.
“There is no bigger indicator of a cyber security skills crisis than the world’s most prestigious security agencies struggling to compete for staff,” he said.
According to Stewart, there has never been more pressure to address the cyber security skills gap, with the UK government driving its own digital transformation agenda and cyber security being reclassified as a tier-one national security threat.
Borg also pointed out how crucial it is to secure the supply chain for critical national infrastructure.
“With the UK government opening doors for more small and medium-sized enterprises to become suppliers to the G-Cloud, and an influx of international players, it is critical that security is applied at every level of the supply chain,” said Stewart.
“Ultimately, governments must take responsibility for the security of the supply chain, but in part this should be about educating and supporting the full ecosystem of businesses involved,” he said.
Stewart believes the principle of “security by default” should be embedded alongside “digital by default” as a cornerstone of UK public services, rather than the afterthought it has often been in the past.