UK Public Sector Remains Highly Vulnerable to Ransomware Attacks | Press Release

UK Public Sector Remains Highly Vulnerable to Ransomware Attacks

  • Clearswift research reveals a lack of cybersecurity awareness among public sector workers, with almost half unaware of ransomware
  • Despite significant post-WannaCry progress, ransomware remains a key threat to local and central government
  • 77% of public sector workers have been given no instruction in how to recognize ransomware, seven in 10 say there is no cybersecurity expert in their organization
  • Need for more awareness only heightened in light of increasing number of Covid-19 related cyber-attack
Posted on May 19, 2020

19 May 2020, Theale, UK – A lack of awareness among public sector employees around cybersecurity is leaving it vulnerable to ransomware and other forms of cyber-attack, according to new research today from data security provider Clearswift, a Fortra Company.

The research with 1,000 public sector employees, revealed that almost half of respondents (47%) have either not heard of, or do not know what ransomware is, with 42% not having heard of, or what two-factor authentication (2FA) is. This lack of cybersecurity awareness is compounded by a lack of training – 77% of respondents have been given no instruction in how to recognize ransomware, while 16% have had no cybersecurity training whatsoever and 13% just once.

“The public sector has seen significant developments since WannaCry but these findings suggest that there is still progress to be made,” said Alyn Hockey, VP of Product Management, Clearswift, a Fortra Company. “As we’ve seen the volume and variety of cyber-attacks increase, especially during the coronavirus lockdown period, it’s an on-going fight for the public sector to stay protected and constant and incremental improvements are the key to success. The right technology is important of course, but of equal value is ensuring that employees are fully aware of cybersecurity best practices and that the right processes are in place to mitigate the risk.”

The research, ‘The Unknown Threat – Cybersecurity in the UK Public Sector’ revealed that public sector employees were not all using the most up-to-date operating systems that help defend against cyber-attacks. 11% still use Windows 7 and 6% still use Windows 8, a key area of vulnerability if those systems have not been updated with the latest patch, as was the case with WannaCry. There is also a lack of access to experts who can advise on what to be aware of regarding cybersecurity – 68% say there is no dedicated cybersecurity expert in their organization and only 12% have communicated with a cybersecurity expert in the last six months.

This is all compounded by working habits that can also leave the organization more vulnerable to an attack. These include using unsecure file-sharing systems such as Dropbox or WeTransfer at least once a day (25%); personal USB sticks at least once a week (38%); checking personal email several times a day (51%) and using unauthorized devices at least once a day (33%).

However, there was more encouraging news should a public sector employee suspect they had become the victim of a cyber-attack at work. A majority of respondents (84%) said they would know what to do if that happened.

With the coronavirus crisis bringing increased cyber-attacks alongside many public sector workers working from home, the current period is an opportune time to address security vulnerabilities. Even as we gradually emerge from the pandemic, local government and the wider public sector is under pressure to maintain public services whilst also remaining secure, so it’s right to think about how that could be achieved.

“The UK public sector has put in place many of the processes required to defend against ransomware and other cyber-attacks,” continued Alyn Hockey, Clearswift. “But recent events have demonstrated a clear need for more cyber vigilance and it’s an on-going battle in defending the public sector against cybercrime. Communicating clearly about the dangers of ransomware and updating legacy operating systems would be a great start, ahead of a broader look at overall cybersecurity strategies.”

The Clearswift report – ‘The Unknown Threat – Cybersecurity in the UK Public Sector’ – is available to download here.


About the research

The research was conducted with 1,000 UK public sector workers in local and central government by onepoll, between 9 and 13 March 2020.

About Clearswift

Clearswift’s content-aware, policy based solutions enables defense, government, healthcare and financial services organizations across the globe to manage and maintain no-compromise data, email, cloud and web security.

MRB Public Relations
+1 732 758 1100
[email protected]

C8 Consulting
+44 118 334 0220
[email protected]

Recent News
January 12, 2023

In this IT Security Wire article, cybersecurity experts Eric George and Tom Gorup share their 2023 cybersecurity predictions.

September 2, 2022

MINNEAPOLIS (September 1, 2022)—Fortra announced today the acquisition of Outflank, a well-regarded IT security leader with de

July 21, 2022

Fortra employee, Ciaran Rafferty shares his thoughts on everything from cybersecurity trends to the future of email security in this interview with Intelligent CIO. 

April 12, 2022

MINNEAPOLIS —April 8, 2022—Fortra announced today the acquisition of Terranova Security, a leader in global phishing simulation and security awareness t

March 9, 2022

Managed detection and response (MDR) forms new cornerstone of Fortra's cybersecurity portfolio