Public sector organisations vulnerable to cyber attacks

By Dylan Bushell-Embling
Tuesday, 30 July, 2019

Public sector organisations vulnerable to cyber attacks

Nearly half of security professionals at public sector organisations across seven markets including Australia say attackers will breach their network every time they try, new research from CyberArk indicates.

A survey of security professionals in Australia, the UK, the US, France, Germany, Israel and Singapore found that 47% of public sector respondents have experienced at least one cyber attack that impacted operations during the past three years.

More than two-thirds (68%) of respondents from the sector admit that their organisation is susceptible to a carefully targeted attack.

The greatest public sector security risks are considered to be ransomware or malware (60%), phishing or other external attacks (57%), cloud security risks (42%), excess administrative privileges (41%), insider threats (41%), shadow IT practices (38%) and unmanaged privileged access (37%).

But while 81% of respondents agree that IT infrastructure and critical data are not fully protected unless privileged accounts, credentials and secrets are secured, only 45% have a privileged access security strategy in place for protecting business-critical applications, and only 41% have such a strategy for cloud infrastructure.

The report did find that public sector organisations are increasingly aware of cyber risks, with 78% of respondents stating that their organisation has prioritised cybersecurity as an important investment for the business.

But despite this, the public sector was the least prepared for complying with data breach notification regulations of all sectors covered in the report. For example, only 36% reported being prepared to issue a data breach notification within the 72-hour window mandated by the EU’s General Data Protection Regulation (GDPR).

In addition, 36% of public sector organisations would be willing to pay fines for non-compliance with major regulations but would not change security policies even after experiencing a successful cyber attack.

Image credit: ©

Please follow us and share on Twitter and Facebook. You can also subscribe for FREE to our weekly newsletter and quarterly magazine.

Related Articles

My Health Record privacy complaints spiked in 2018–19

Complaints to the Office of the Australian Information Commissioner related to the My Health...

LGPA calls for federal aid in tackling cyber threats

Local Government Professionals Australia has called on Canberra to adopt a five-point plan to...

Victorian hospitals infected by ransomware

A number of hospitals and health services in parts of Victoria have fallen victim to a ransomware...

  • All content Copyright © 2019 Westwick-Farrow Pty Ltd