Chris Dimitriadis, chief global strategy officer at ISACA (Information Systems Audit and Control Association), on how public sector organisations can protect themselves from cyber threats
Public sector organisations in the modern digital economy face an ambitious task in earning – and maintaining – people’s trust. Recent events like high-profile security breaches involving senior government officials, and the ransomware attack on Hackney Council, have fed into a growing distrust in many institutions. And with heightened scepticism about how well-equipped organisations are to protect personal data, building a trusted public relationship is more challenging than ever.
The only path forward is for organisations to make strengthening digital trust – defined by ISACA as “the confidence in the integrity of relations, interactions and transactions among providers and consumers within an associated digital ecosystem” – a central priority, and to strategically work through all obstacles that could impede this pursuit.
What specifically is preventing public bodies from achieving digital trust? According to ISACA’s State of Digital Trust 2022 survey report, the top obstacles are a lack of staff skills or training, lack of alignment of digital trust and strategic goals, lack of leadership buy-in, and lack of budget. Let’s look at each of these areas to see how public bodies can work through these obstacles to achieve digital trust.
Lack of staff skills and training
Many of the digital trust fields – areas such as cybersecurity, privacy, IT audit, risk management and IT governance – face critical staffing shortages, as the labour supply in those areas often does not keep pace with public sector demand. But in many cases, organisations can find the right employees by being less rigid about criteria for filling these roles. They can then reduce the skills gaps by providing ongoing training and supporting relevant professional certifications while on the job.
Organisations also need to strongly promote a culture of collaboration among these professionals. Digital trust cannot be achieved with a siloed approach – security and privacy professionals must support each other’s work, and ethical considerations related to emerging technology implementations must be considered cross-functionally.
Lack of alignment of digital trust and strategic goals
Digital trust is so critical for public sector organisations to succeed that it must be baked into strategic goals from the outset, instead of only being considered once goals have already been established. People rightly expect public bodies to demonstrate urgency in putting plans into action, but failing to ensure the necessary security measures are in place can undermine commitments to serve the community. Taking process shortcuts in the name of a near-term goal is likely to lead to a long-term problem that could erode trust with the public and key stakeholders.
Lack of leadership buy-in
While public sector leaders may not understand all the intricacies of the threat landscape or data privacy regulations, they should understand how building and sustaining trust with the public is necessary to achieve their goals.
If that is not the case, digital trust champions such as chief information security officers, data privacy officers and risk leaders should engage organisational leaders by communicating, in clear, business-focused language, the business risks of failing to prioritise digital trust.
Too often there is a disconnect between organisation leaders and technology functions in the language that they speak. Framing these conversations around building digital trust can be an effective way to bridge that divide and gain leadership buy-in.
Lack of budget
Prioritising digital trust inevitably requires a significant investment in staffing, tools and ongoing training and professional development for employees. While the public sector is often burdened by budget constraints, the risks of failing to make the necessary security investments must be carefully considered.
Public sector organisations are an attractive target for cyber criminals due to the sheer volume of personally identifiable information they hold. And while the tactics employed by bad actors are becoming more sophisticated, many organisations are increasingly at risk due to outdated technology, systems, and processes. As we have seen in the fallout of the ransomware attack on Hackney Council, huge investments in time, money, and resources are required to recover from such an incident, but budgets can be better managed when proactive steps are taken in anticipation of threats.
Overcoming the obstacles
While there is much progress to be made, each of the above obstacles can be addressed through commitment from public sector leaders and a renewed commitment to cross-functional collaboration.
Without earning and preserving trust from the public and other stakeholders, no amount of digital innovation will be enough for modern enterprises to remain competitive. Whatever factors might currently be holding organisations back from driving toward digital trust must be identified and overcome to set a foundation for sustainable success.