Exploring a new role for cybersecurity in UK government transformation

New Business Manager, BAE Systems Applied Intelligence Read time: 3 mins
A new study commissioned by BAE Systems Applied Intelligence has revealed that cybersecurity is both a major driver of IT modernisation and a significant barrier to adoption. Lorna Rea explains how the way forward will require a delicate balancing act - to manage cyber risk effectively, without hindering innovation and collaboration
Exploring a new role for cybersecurity in UK government transformation The pandemic has done much to change the way we live and work. But its most disruptive impact has arguably been on the relationship between the state and its citizens. Governments have been forced to take a far more proactive role over the past year than many have been used to — putting tremendous strain on their IT infrastructure. Fortunately, the UK has one of the most digitally advanced central governments in the world(1). Yet there are always improvements to be made.
 
A new study commissioned by BAE Systems Applied Intelligence has revealed that cybersecurity is both a major driver of IT modernisation and a significant barrier to adoption. The way forward will require a delicate balancing act — to manage cyber risk effectively, but not in a way that leaves departments without the tools they need to innovate and collaborate.
 

A great leap forward

In many ways, the pandemic showed us just how quickly things can move in central government when the need is urgent enough. Departments delivered 69 new digital services by the end of May 2020, and repurposed many more to good effect, to support the populace at a time of crisis(2). However, driving forward cybersecurity improvements with the same kind of urgency is more difficult. Yes, tackling security vulnerabilities was ranked by respondents as a top-two driver for digital transformation in government. But there’s never been a catastrophic, globally relevant incident to persuade Whitehall to prioritise cyber investment.
 
However, two recent threat campaigns should be concerning for any civil service leaders:
  • The SolarWinds attacks: notable for its scale, sophistication and determination. National security has never been more precarious when state actors are capable of this(3)
  • Microsoft Exchange Server attacks: highlighting the challenges of running legacy software, and the rapid way in which APT groups can pivot to exploit newly revealed zero-day threats on a global scale(4)
The government IT managers we spoke to are well aware of such threats. Vulnerabilities were cited by 75% as the reason for legacy upgrades, second only to performance improvements (76%). In fact, almost two-thirds (63%) said they’d experienced a security incident in the past six months, and over half of these (52%) came as a result of missing patches. Government organisations need effective, automated and risk-based patch management tooling to tackle this. But upgrading their legacy assets must come first.
 

Security as a barrier

Yet while security is a top reason for wanting to embark on IT modernisation projects, it was also cited as a top-two barrier to infrastructure upgrades (68%), second only to integration issues (69%). The IT security function has a traditional reputation of being a block on innovation. It seems this is well-deserved, in the public sector at least.
 
It would be cruelly ironic if departments are indeed being exposed to unnecessary extra cyber risk because their own security teams are standing in the way of modernisation. So what’s the answer? Breaking down traditional IT-security siloes must be top of the list. This may be easier said than done, but improving internal communication flows is a useful first step towards progress. Nearly half (45%) of respondents also want to review current cyber risk management strategies to ensure they have the right balance between security and productivity.
 
This too makes sense: every organisation has a different risk appetite. It’s time for central government departments to recalibrate their own. Perhaps this will empower security teams to be more adaptable — supporting digital transformation whilst ensuring that projects don’t cross any red lines on cyber risk.
 

Learn more about turning legacy IT into opportunity
Stay up to date and subscribe to get our latest Government Insights

 
Legacy IT: Turning Legacy into Opportunity insights tile

Download our research

Cyber Security - A help or hindrance to public sector digital transformation?

A new study commissioned by BAE Systems Applied Intelligence has revealed that cybersecurity is both a major driver of IT modernisation and a significant barrier to adoption. The way forward will require a delicate balancing act.
Find out more
About the author
Lorna Rea is New Business Manager, Central Government BU

(1) UK claims number 2 spot in OECD digital government rankings, Jessica McEvoy, GDS (16 October 2020)
(2) Digital government during the coronavirus crisis, Institute for Government (accessed 11 March 2021) 
(4) Exchange servers under siege from at least 10 APT groups, Matthieu Faou, Mathieu Tartar, Thomas Dupuy, ESET (10 March 2021)
 
 
 
top
Lorna Rea New Business Manager, BAE Systems Applied Intelligence 20 May 2021