Ransomware attacks hit 63% of UK government bodies
New research conducted by cyber security company Bridewell has found that 63% of businesses in the government sector have experienced a ransomware attack over the past 12 months. This data was collected through a survey of 521 staff members responsible for cyber security at various UK critical national infrastructure (CNI) organisations, including sectors such as civil aviation, energy, transport, finance, and central government.
The study reveals that ransomware attacks pose significant threats to government bodies. Failures to adequately handle these threats potentially lead to the theft of data that can influence elections and encourage activity from hostile nation-state groups. Additionally, 36% of government organisations surveyed cited data loss as a primary consequence of a ransomware attack, with 29% reporting financial losses.
Phishing attacks were also found to be widespread across the sector, with an average of 16 incidents per year per organisation. This dual-threat environment is placing immense pressure on the industry to ramp up its cyber defences and response strategies.
Despite the serious nature of these threats, the government's response time to cyber incidents is deemed slow. The average response time to ransomware attacks is just under six hours. However, responses to nation-state attacks are quicker, averaging 3.84 hours. This urgency in responding to nation-state threats correlates with the increased activities of Russian, Chinese, Iranian, and North Korean-affiliated threat actors, particularly following heightened tensions from the Russia-Ukraine and Israel-Palestine conflicts.
In light of these challenges, the government sector is actively enhancing its cyber security measures. Bridewell's research indicates that 99% of government bodies are already utilising AI-driven tools, including network behaviour analysis and automated penetration testing and vulnerability management. Furthermore, 43% of government organisations anticipate higher IT security spending compared to the previous year.
Anthony Young, Chief Executive Officer of Bridewell, commented on the findings, saying, "Government organisations play a crucial role in the wellbeing of their citizens. But ransomware and phishing attacks are having a detrimental impact, and lengthy response times are only adding to the damage caused. With nation-state attacks also posing a significant threat, the sector must fortify its cyber defences with incident response and reporting, defined risk management practices, regular audits and training programmes to future-proof its operations. It's promising that the sector is already adopting AI-driven solutions and planning to invest more in cyber security in order to do so."
The survey underscores the pressing need for enhanced cyber security protocols within the government sector. As cyber threats continue to evolve and grow more sophisticated, the importance of rapid response times, efficient incident management, and proactive measures cannot be overstated. With increased investment in AI-driven tools and a focus on adopting robust security solutions, the government sector aims to strengthen its defences against future cyber threats.