Spread the loveGrowth of personal dataThe public sector holds ever more personal data through the digital delivery of services that are critical for people’s lives. As this expands so does the potential threat to systems and services; well beyond any financial cost, the individual consequences could be devastating. This isn’t a static issue. As more innovative technologies become available and potentially integrated into local governments, the process of thinking about and preparing for problems needs to develop at the same pace.This combination of vulnerability and consequent civic impact makes public services a growing target for criminals, since major disruption creates opportunity for secondary crime, as well as publicity for extremist causes.Responsibility for risk assessmentCyber resilience planning needs to be incorporated into wider emergency planning and business continuity arrangements for public organisations, beyond perimeter IT defences and data protection.Typically, IT teams manage “traditional” security. But just as everyone needs to be aware of spam, potential viruses, phishing etc. our digital professional and personal lives mean this cannot be the responsibility of technical groups alone. In-depth expertise is not required. But it does mean senior managers must be competent in understanding and prioritising cyber risk and that those with responsibility for corporate risks, business continuity and emergency planning are closely working with their IT colleagues.How can we start to tackle this issue?The range of risks and benefits need to be identified. A digitally mature public service organisation will have defined its digital ambitions carefully, aligned with risk appetite. If ‘cyber’ is defined too narrowly in that context, or left to IT to deal with, the wider impacts, both positive and negative, may be missed.Managing this requires effective training, support and awareness outside of the IT department. Tools can assist in widening awareness and skills, stimulating cultural change in cyber attitudes and practice. As digital models become the norm, the public sector also has a responsibility to set a lead in digital standards and practice. Supporting this ongoing development is central to the purpose and ambition of the BCS.The complete article by Jos Creese is available in the summer 2019 edition of BCS IT Now. IT Now is the membership-only, quarterly publication of the BCSFind out more about membership of the BCS and how they can help you identify and minimise risk.Tags: cyber security, public services, risk assessmentPrevious ArticleDigital citizens’ survey: please share with your residentsNext ArticleWorkplace mental health: how can managers help?