The modern-day threat landscape is constantly changing and growing in sophistication. Cybersecurity is in the media headlines every day and it’s a focus for discussion at board level. The majority of global organizations struggle to identify and fully protect mission-critical assets from cyber-attacks. And the public sector faces even greater challenges due to a lack of funding and competition with the private sector to hire and retain the best cybersecurity talent.
Based on current cybersecurity trends (as highlighted at RSA, NASCIO, NGA and other forums), as well as results from Accenture’s Public Service Pulse survey, I see public service leaders having two main cybersecurity challenges front of mind.
The first stems from the fast-growing and increasingly complex security service-provider ecosystem. Finding the right cybersecurity solution is getting harder, not easier. The second is in no way limited to public service organizations. It’s endemic nowadays: let’s call it ‘cyber-insecurity’, heightened citizen concern for the privacy and security of the data they share, whether that data is shared with government agencies or private sector organizations.
It’s an issue I’ll be examining in this short blog series by asking (and answering) some key questions. In a public service context, what’s at the root of this insecurity? What are the priorities for building citizen confidence? And what practical steps can agencies take now to improve data security and privacy?
Accenture’s Public Service Pulse Survey research highlights citizens’ level of insecurity. We found that 79 percent of US citizens are concerned about the privacy and security of their personal data. A similar number (74 percent) lack confidence in government’s ability to keep their data private and secure. None of this should be surprising. The threat landscape for all organizations is constantly mutating. Attack surfaces are expanding exponentially. And increasingly well-funded, sophisticated and far-reaching attacks are the norm.
Government data security (or lack of it) is headline news. We now know that more than 700,000 social security numbers were stolen from the IRS in their 2015 data breach. More recently, we’ve heard about entire state services being shut down in ransomware attacks, along with serious tax and health data breaches in some US states.
Forty percent of government leaders in our research admitted their organizations had experienced a cybersecurity breach. And most of them (90 percent) are extremely concerned about the privacy and security of personal digital data. That’s understandable. With budgets under pressure, it’s harder than ever for them to attract and retain the cybersecurity skills they need. On top of that, many are dealing with legacy systems that are at least 20 years old. Even if finances were available, these systems can’t be transformed overnight.
So where to begin? Drawing on our research, we’ve identified four priorities for agencies seeking to confront the cyber insecurity challenge. First, balance security requirements with citizen convenience. We know that the majority of citizens would be willing to sacrifice some convenience for increased data security. Specifically, they expressed support for measures including additional login questions and greater use of emerging technologies like biometrics. Clearly, government leaders should not shy away from introducing additional security requirements. Citizens will back them, provided their data security improves.
Next, create a ‘security first’ culture across the organization. Agencies need to work with their suppliers and partners to ensure that security is applied holistically. As new technologies proliferate and combine rapidly into linked, interdependent chains, all too often we see security limited to the devices used by citizens and agency staff. It needs to go much deeper. Security has to be embedded into the software application layer, as well as into devices, platforms and networks.
Third, harness digital citizen support. Of all the demographics in our research, millennials expressed the greatest confidence in government’s ability to protect their data. Agencies can build on this confidence through actions that ensure data privacy as they build out new digital service delivery. And last, focus on developing and delivering new cyber protection services. A majority of citizens said their confidence in government cyber security would be boosted by the availability of services like secure digital identities and regular security health-checks.
Government agencies face some very significant cybersecurity challenges. But it’s encouraging that there’s such strong citizen support for the enhanced security measures that need to be introduced. In my next blog, I’ll be taking a closer look at five key investments that governments can make today to improve their data protection and foster citizen trust.
Thanks for reading.
See this post on LinkedIn: High anxiety, low confidence: what’s driving citizens’ cyber-insecurity, and how can it be overcome?