Local government, the NHS and wider public sector need to have a better understanding of the threat of cyber security.
In a National Cyber Security Programme update report published today, the National Audit Office (NAO) revealed that, while the government has made good progress improving its understanding of cyber threats to national security, there is still room for improvement across the wider public sector.
The report stated there is a good understanding of the threat by central government, but this understanding “diminishes the further away organisations are from the centre”.
“Central government departments unused to dealing with national security or fraud-related threats and NHS and local government organisations have a more varied, but limited understanding of the threat and do not yet understand what would represent an appropriate level of threat protection,” said the report.
More on the National Cyber Security Programme
To mitigate this risk, the report stated the Cabinet Office has provided additional support for those departments at the greatest risk of fraud, such as HM Revenue & Customs and the Department for Work & Pensions.
The Cabinet Office has also included a wider number of central government departments participating in the National Cyber Security Programme for this year, including Department for Transport, the Department of Health and the Department for Environment, Food and Rural Affairs.
The National Cyber Security Programme
When the government announced its intentions to create a cyber security programme in 2010, £650m was allocated over four years to close the gap between the ‘requirements of a modern digital economy and the rapidly growing risks associated with cyber space.’ The Chancellor of the Exchequer also announced an extra £210 million investment after the 2013 spending review.
This summer, GCHQ certified six masters degrees focused on cyber security, as part of the National Cyber Security Programme.
The NAO report said the government is continuing to make good progress in implementing the programme, which is helping to build capability, mitigate risk and change attitudes, as well as taking advantage of opportunities for economic growth. The programme is even on track to spend its budget of £860m by March 2016.
“But cyber threats continue to evolve and the government must increase the pace of change in some areas to meet its objectives,” said the report.
Meanwhile, the report says that, while the government has made some progress encouraging businesses and citizens to protect themselves against cyber attacks, communicating guidance to small to medium sized enterprises has been limited.