Over six in ten (63%) businesses in the government sector have admitted to being on the receiving end of a ransomware attack in the past 12 months.
This is according to our latest CNI research, which has surveyed 521 staff responsible for cyber security at UK critical national infrastructure (CNI) organisations, encompassing civil aviation, energy, transport, finance and central government.
The Dual Attack Threat
Ransomware attacks have significant implications for government bodies. Failure to deal with these threats can lead to data being stolen that can influence elections and encourage nation-state activity from hostile groups. 36% of government organisations have cited data loss as a key consequence of a ransomware attack, alongside financial losses (29%).
In addition to the growing ransomware threat, phishing attacks are also widespread, averaging 16 incidents per year. The dual threat is putting immense pressure on the industry to enhance its cyber defences and response strategies.
Delayed Response
Given these significant consequences, the sector is struggling to react quickly to cyber incidents and mitigate the damage they cause. With ransomware attacks, the average response time is just under six hours. However, government responses to nation-state attacks (3.84 hours) are far quicker than the overall average among CNI organisations (11.49 hours). This is perhaps unsurprising as nation-state threats continue to escalate as Russian, Chinese, Iranian and North Korean-affiliated threat actors intensify their efforts, particularly in the wake of the Russia-Ukraine and Israel-Palestine conflicts.
Future-proofing Government Bodies
Despite these concerns, the sector is actively enhancing its cyber security measures. 99% of government bodies are already leveraging AI-driven tools, including network behaviour analysis and automated penetration testing and vulnerability management. Furthermore, 43% of all government organisations expect to spend more on IT security than last year.
“Government organisations play a crucial role in the wellbeing of their citizens. But ransomware and phishing attacks are having a detrimental impact, and lengthy response times are only adding to the damage caused. With nation-state attacks also posing a significant threat, the sector must fortify its cyber defences with incident response and reporting, defined risk management practices, regular audits and training programmes to futureproof its operations. It’s promising that the sector is already adopting AI-driven solutions and planning to invest more in cyber security in order to do so."
