Insights from Public Sector Leaders: Understanding the State of Security and Lessons learned


et’s start with this: Global research shows over half of organisations have had a data breach, and 62% suffer from unplanned downtime on a monthly basis. 

The recent research figures are a stark reminder of the prevalence and current nature of security threats. It may not come as a surprise to those who follow the constant stream of media reports detailing mistakes and malicious attacks.

For cybersecurity professionals, the task of protecting organisations from an ever-growing and advanced range of threats is a challenging one. Detecting an attack or mistake and realising the potential impact and consequences can be an indescribable feeling that leaves a deep pit in one's stomach. While no one should have to experience this, security professionals live with this reality 24/7. They deserve respect for their dedication and commitment to keeping our data and systems safe.

This is particularly relevant for those working in the public sector. Having worked in this field myself, I understand the deep connection that exists between public servants and the communities they serve. There is an unwavering commitment to providing the best and most resilient services possible.

However, with the rapid pace of digitisation, the meaning of resilience has evolved from the time when services were paper-based and always had a person at the end of them. Nowadays, the public interacts and utilises digital services for tasks such as ordering passports, booking train tickets, reporting crimes, and submitting tax returns. Therefore, it is imperative for public sector organisations to ensure that their digital services are secure, reliable, and resilient to ensure that citizens can access the services they need without interruption or compromise - building much needed confidence and trust.

So what does the research tell us about the state of security across public sector organisations?

Public sector organisations face a unique challenge in keeping up with the evolving threat landscape. They struggle more than other industries with meeting cybersecurity requirements (68% versus 52%) and staying on top of security alerts (34% versus 23%). Looking a bit deeper, a recent education audit showed that 78% of schools said they had experienced at least one of the types of cyber security incidents mentioned in the audit which shows the ever constant threat. In particular, ransomware attacks continue to increase across the sector.

There are two primary reasons for this struggle. First, 89% of public sector organisations report experiencing one or both of the following: security tool complexity and lack of human resources. These challenges can make it difficult for public sector organisations to effectively manage their cybersecurity programs.

Despite these challenges, public sector organisations may benefit greatly from intelligent automation, even though they report more cynicism towards AI's ability to help. This is because their average mean time to respond (MTTR) is longer at 22.3 hours compared to the 15.1 hours of other industries. Implementing intelligent automation can help public sector organisations to streamline their incident response processes, reduce MTTR, and better defend against cyber threats.

To address these challenges, a clear and comprehensive strategy is essential. However, the research indicates that there is still much work to be done in this area.

Only 31% of organisations (private and public) report having a formal approach to cyber resilience that has been implemented organisation-wide across critical systems. Additionally, just 38% have a resilience strategy in place, but only in certain areas of the organisation. Shockingly, 31% have yet to implement any resilience strategies at all.

These findings highlight the urgent need for organisations to develop and implement comprehensive cyber resilience strategies. Such strategies should be organisation-wide and must include critical systems. Without such strategies in place, organisations are at significant risk of falling victim to cyber attacks and suffering serious consequences such as data breaches, service disruptions, and reputational damage.

However, there are signs of change.

Organisations are increasingly prioritising resilience and agility in order to effectively address new and persistent challenges. One way they are doing this is by combining cyber resilience efforts with traditional business continuity and disaster recovery planning. In fact, over half (51%) of respondents reported planning solutions and investments that merge these two areas.

Another approach to enhancing resilience is to converge security operations with other functions and increase collaboration. The research found that 81% of Security Operations Centers (SOCs) are collaborating more with IT operations, while 69% are collaborating more with digital experience teams and application development teams. Additionally, 61% of SOCs are collaborating more with observability teams. By integrating security with other critical functions within the organisation, SOCs can improve their ability to identify and respond to threats in a more coordinated and effective manner.

Collaboration is key in achieving resilience, and data plays a crucial role in this process.

An overwhelming 91% of respondents in the survey agreed that better capture and analysis of detection data is one of the most effective tools to prevent successful ransomware attacks.

Ryan Kovar, Distinguished Security Strategist for Splunk and Leader of SURGe, emphasised the importance of collaboration in building resilience. "In the organisations we’ve worked with, resilience has been strongest with a collaborative approach in everything, from software development and infrastructure monitoring to business continuity planning," he said. "This approach brings everyone to the table, including security leaders with IT and business leaders, so they all can focus on protecting the organisation."

For more insights and recommendations, download the State of Security 2023 Report here.


Sean Price
Posted by

Sean Price

Sean is an innovative and successful industry leader in analytics, delivering transformational and award-winning solutions across public sector and healthcare.

Sean is currently Splunk’s Public Sector and Healthcare Strategist, covering the EMEA region. With a 25+ year industry knowledge base developed, combined with experience of delivering analytics solutions across different countries, Sean regularly delivers international thought leadership, eventing and customer engagement. Sean is passionate in supporting both external and internal customers with industry strategy and solutions that really make a difference to public services.

Prior to Splunk, Sean has worked in a number of senior industry roles and spent nearly 20 years in a senior police role where he led digital transformation. 

Outside work Sean spends most of his time with his family, friends and his special buddy AI Dog. Sean also loves keeping fit with regular sporting activities such as tennis and the gym.