Public sector organisations vulnerable to cyber attacks

By Dylan Bushell-Embling
Tuesday, 30 July, 2019

Public sector organisations vulnerable to cyber attacks

Nearly half of security professionals at public sector organisations across seven markets including Australia say attackers will breach their network every time they try, new research from CyberArk indicates.

A survey of security professionals in Australia, the UK, the US, France, Germany, Israel and Singapore found that 47% of public sector respondents have experienced at least one cyber attack that impacted operations during the past three years.

More than two-thirds (68%) of respondents from the sector admit that their organisation is susceptible to a carefully targeted attack.

The greatest public sector security risks are considered to be ransomware or malware (60%), phishing or other external attacks (57%), cloud security risks (42%), excess administrative privileges (41%), insider threats (41%), shadow IT practices (38%) and unmanaged privileged access (37%).

But while 81% of respondents agree that IT infrastructure and critical data are not fully protected unless privileged accounts, credentials and secrets are secured, only 45% have a privileged access security strategy in place for protecting business-critical applications, and only 41% have such a strategy for cloud infrastructure.

The report did find that public sector organisations are increasingly aware of cyber risks, with 78% of respondents stating that their organisation has prioritised cybersecurity as an important investment for the business.

But despite this, the public sector was the least prepared for complying with data breach notification regulations of all sectors covered in the report. For example, only 36% reported being prepared to issue a data breach notification within the 72-hour window mandated by the EU’s General Data Protection Regulation (GDPR).

In addition, 36% of public sector organisations would be willing to pay fines for non-compliance with major regulations but would not change security policies even after experiencing a successful cyber attack.

Image credit: ©

Please follow us and share on Twitter and Facebook. You can also subscribe for FREE to our weekly newsletter and quarterly magazine.

Related Articles

Exploring the subtleties of data sharing

Frameworks for data sharing, as opposed to data release, need to be developed to preserve...

US federal agencies have poor cyber risk management

The US Government Accountability Office (GAO) has uncovered major issues during an audit of 23...

Public sector mergers create significant cyber risks

The merger between or reshuffling of functions of two public sector organisations provides a...

  • All content Copyright © 2019 Westwick-Farrow Pty Ltd