Cyber risk (1/5) - The local government context
March 1, 2019
Part one of the Cyber Risk report.
Effective cyber resilience relies upon an organisation’s ability to take an integrated and ‘whole system’ approach to protection, including clear and effective cyber governance, training and testing practices. This encompasses much more than just good security. IT leaders need to promote a broad definition of ‘cyber’ within their own and partner organisations to help create a culture of unified cyber accountability.
Success in cyber planning in councils depends on many teams of specialists working together: emergency planners, business continuity service managers and IT disaster teams, along with the day-to-day vigilance of staff. Strong IT leadership and technology protection may be the first and last line of defence, but they are only part of the range of measures in cyber resilience. Only in this way can councils protect their communities, citizens and services from changing and growing cyber threats.
The ‘WannaCry’ incident in 2017 demonstrated the rapid knock-on impact that a major cyber incident can have across multiple services, agencies and communities, as well as the value of having appropriate action plans in place to respond when (not if) an incident materialises. Cyber resilience planning in 2019 therefore has to form part of wider risk management, emergency planning and business continuity arrangements, not just information and data protection in public services.
Part one of our five-part series looks at how to define cyber resilience to ensure a broad-based perspective in the face of potential risks faced by councils in particular, and wider society in general. How do IT leaders champion the introduction of new technology, while managing the inherent cyber risks that come with it?