Cyber Incident Response: Your last line of defence - get better prepared

Technology trends

Technologies set for adoption to enable insightful, resilient, responsive, accessible and available public services.

Authors and contributors: Martin Ferguson, Diana Rebaza, Yasmine Hajji, David Ogden

1. Artificial intelligence

Artificial Intelligence (AI) is the key technology trend of the moment. Barely a day goes past when we do not read about the amazing possibilities, or the significant new risks that this technology poses. 

Governments around the world are responding in different ways, including: the global conference on AI held in the UK in November 2023 at Bletchley Park and the recent UK Government action plan to make the UK a world leader in the AI sector, the EU AI Act and the US President’s Executive Order.

Meanwhile, Socitm facilitated a St George’s House consultation on the threats and opportunities presented by AI for local public services and established the one-stop AI@Socitm hub. 

Generative AI (creating new insights or materials from data on which the AI tool has been trained) and large language models (LLMs) promise huge value to the public sector, creating a radical shift in how connected data sets can be analysed, summarised and used. This offers a potential key to unlocking productivity within the public sector beyond traditional borders of responsibility and organisation. 

Many organisations are already using AI embedded in existing applications and office tools and are starting to explore new potential applications. Socitm, and most digital leaders, see AI as a transformational force for good if the risks are managed and other concerns addressed. 

“At a time when we are trying to further develop and revamp the area, VivaCity’s sensor’s data is crucial in helping optimise travel and safety for all.”

Dean Hubbard, project engineer for Dudley Metropolitan Borough Council

Despite the hype, it is nonetheless difficult to predict the pace of AI adoption in the public sector. According to the Public Attitudes to Data and AI: Tracker survey, “The public is optimistic about the potential for AI to streamline everyday tasks, and to improve key public services including healthcare, policing, and education. Nonetheless, a spectrum of risks is recognised by the public. Most notably, there is widespread concern that AI will displace jobs, particularly among non-graduates, and that AI will erode human creativity and problem-solving skills.”

Alongside unquestionable opportunity, there are risks that will need to be addressed (such as made-up content – so-called hallucinations – bias and new cyber threats) and the pace is likely to be dictated by two factors identified in this research:

  • The capability and capacity to take on complex AI projects in the public sector, given many other pressing priorities and challenges and limited AI experience. Projects are emerging, but they tend to be in specific and bounded applications, such as health diagnostics and customer service. 
  • Compliance and regulatory concerns, data quality, procurement policies, risks of bias, transparency of algorithms and concerns about liabilities will add to the barriers for public sector organisations and will need to be addressed. 

Our digital trends research indicates that, whilst AI is being actively deployed by public sector organisations in proofs of concept and trials across diverse functions, public service leaders are adopting a cautious approach. Many are undertaking preparations, reviewing guidance, measuring the benefits and risks, undertaking compliance assessments, developing policy frameworks, introducing governance arrangements and prioritising project planning. ‘Data readiness’ will be key to success and another reason why ‘data’ is now such an important trend for the public sector. 

Early application will be in areas such as: health diagnostics, customer service, data consolidation and reporting, property maintenance, road maintenance and traffic, office service automation, risk management, education and learning, legal services, auditing, procurement processes and more. 

“Policymakers need to know how many houses they must decarbonize, but they often lack the resources to perform detailed audits on every house. Our model can direct them to high priority houses, saving them precious time and resources.”

Dr. Ronita Bardhan, head of Cambridge’s Sustainable Design Group

This means that the use of AI in most public sector organisations will be exploratory, focused on specific areas and trials, such as voice recognition, data analyses and diagnostics, while developing polices to procure and manage AI and contain its risks. 

Optimising workflows and AI-supported decision-making using objective data analyses to make the decision basis more transparent will start to be explored. AI will begin to streamline processes where teams of professionals, committees and decision-making hierarchies currently ensure a collective responsibility and understanding of the impact of decisions. 

Factors for public service organisation to consider in adopting AI in 2024

There are many factors for public service organisations to consider in adopting AI:

  • Analyse vast amount of data 
  • Balancing risk and benefits 
  • Cost management and efficiency 
  • Data integration and triangulation 
  • Data readiness 
  • Enhanced decision-making 
  • Internal staff productivity 
  • Prediction and prevention 
  • Process automation 
  • Sharing best practices 
  • Skills required 
  • Streamline processes 
  • Technology for good

Artificial intelligence – trend summary

Overview of the opportunity

  • Specific application areas, broadening from public service interfaces into wider opportunities where trialling will begin. 
  • Analysis across disparate data sets to gain new insights, and potential individual and team productivity improvements. 

Risks and challenges

  • Managing unintended bias, error, privacy, security and ethical concerns, and reputational risk (noting that AI can sometimes simply ‘make things up’ if not checked). 
  • Maintaining and building public trust. 
  • Skills shortages, both within and outside technology areas. 
  • New cyber risks from AI used as an attack vector. 

Early benefits

  • Mostly in increased service automation, but this will gradually grow in all areas of public service. 
  • Insight into opportunities for early intervention and preventative services. 
  • Exploring how AI can help to improve outcomes by understanding complex data relationships in a range of cross-service functions. 

Application areas

  • Citizen service interfaces and workflows can be improved and automated, creating new and more engaging ways of working across a range of connected public services. 
  • Specific applications, for example, in health diagnostics and customer services – ‘big data analysis’ and the use of ‘chatbots. 
  • Embedded in other applications and tools. 
  • Gradually, all services will need to consider the possibilities of AI. 

Advice for digital leaders

Basic: To maintain public trust, avoid falling for supplier and consultant hype. Implementing AI takes time and effort. Before deploying on a large scale, set clear policies, define ownership and understand AI's impact within your organisation.

Good: Develop in-house skills and senior/political awareness as well as a good understanding of AI opportunities, risks and the functioning of generative AI, to be the organisation’s ‘expert advisor’ on responsible, ethical and secure use of AI.

Advanced: Undertake a risk analysis of AI (including new external cyber risks) and consider how those risks are best controlled, establish governance arrangements and be the expert in this area.
Socitm Says podcast – Episode 5: Generative AI with Kurt Frary and Sam Nutt

Case studies from around the world

Derby City Council: Phone-based AI assistance

The innovative journey of Derby City Council and their use of phone-based AI assistance to dramatically streamline their customer service operations. AI assistants have efficiently handled over 100,000 queries, deflected 43% of calls away from human advisors, and contributed to an impressive budget savings of £200,000.

Dudley Metropolitan Borough Council: AI sensors to tackle congestion hotspot 

The installation of a network of 65 VivaCity sensors to tackle an ongoing congestion issue. The data collected from the sensors has allowed Dudley Metropolitan Borough Council to make a data-driven decision to tackle congestion.

State of Pennsylvania, USA: GenAI pilot for state employees

A partnership with OpenAI to pilot generative AI tools for state employees and to guide responsible future use and development of the tools in the public space.

Amazon Web Services (AWS): Business value of Generative AI

Examples demonstrating reinvention of customer experiences, productivity enhancement, creativity and content creation and process optimisation.

State of Maryland, USA: Revolutionizing the digital experience using AI

Plans to overhaul IT services in the state include new AI regulations; policies ensuring ease of access to state platforms; a collaborative approach to cybersecurity; and a new office dedicated to user-centric digital innovations.

Auckland Transport, New Zealand/Aotearoa: IM – Automating digital records management using AI from Auckland Transport

A video describing how Auckland Transport is using AI to automate appraisal, archiving and disposal of records, improving accessibility, transparency and legislative compliance.

Microsoft M365 Copilot: Videos of practical scenarios

The case study videos demonstrate how M365 Copilot can enhance various situations, such as making meetings more efficient, increasing productivity, creating rapid business cases, modernising recruitment and optimising schedules.

Cambridge University: Pioneering AI project finds heat-loss houses 

The model is designed to help local authorities and other bodies make decisions about which houses to target when they are trying to reduce heat loss from buildings.

Artificial intelligence – a look ahead

We are at a turning point in the necessary preparations, plans and infrastructure designs to exploit AI in the public sector. Looking ahead, AI is one of the most exciting, transformative and potentially challenging technology developments for the public sector, leading to enhanced decision-making and improved ‘human-to-human’ interface in public services, especially in surfacing complex data relationships:

  1. Identifying risks and benefits of early interventions and driving team and individual productivity by linking and analysing complex data sets across systems, services and organisations.  
  2. Automating customer service journeys, connecting related services around individual needs, preferences and changing circumstances. Internal processes will also be automated, especially as office/administration software will have AI capability pre-embedded. 
  3. Analysing and demonstrating the wider effects of service decisions and risks. For example, connecting the impacts of decisions in measurable ways across domains (environment, health, social well-being and economic factors). New governance and processes will be needed to exploit this capability. 

Local public services typically operate in complex environments, managing sensitive situations and data, often related to vulnerable people with complex and diverse service needs. With relevant safeguards in place, these are all areas where AI can offer significant future value, with a new data insight, better risk management and joined up service delivery. 

AI in the public sector will improve, not replace, human activity. It can simplify processes, automate resource allocation, aid in decision-making, and trigger alerts for risks, leading to better-targeted resources and services. 

Over time this will lead to the development of entirely new public services that it would not be possible to deliver today. Already there are early examples of quantum computing using AI in health research and ‘Natural Capital Accounting’ to identify the wider costs of human activity to replace short-term business cases, leading to a fundamental change in how public services operate. 

AI has the potential to play a significant role across the whole spectrum of public services, becoming a partner rather than a de facto replacement. 


2. Cyber security

As conflicts escalate beyond borders and across the globe, UK organisations are being urged to bolster their cyber defences. Ensuring organisations are protected from unauthorised access to data and systems, as well as preventing data loss or leakage, remains a top priority. Public sector, in general, must adopt robust strategies to stay ahead of new threats and risks, such as AI, distributed cloud models and the increasing use of IoT devices. 

Two significant technical shifts include transition to TLS (Transport Layer Security) and adoption of Zero Trust networking: 

  • With increasing vulnerabilities in the SSL (Secure Sockets Layer) encryption protocol, organisations are transitioning to secure TLS (Transport Layer Security). This ensures improved data integrity and confidentiality, and greater resistance to ‘man-in-the middle’ attacks.  
  • The Zero Trust model assumes that threats can exist both inside and outside the network perimeter and provides the tools to put protection in place. 

The Cyber Technical Advisory Group (CTAG) and Warning, Advice and Reporting Points (WARPs) have generated significant benefits for local authorities and public sector organisations. CTAG has facilitated the development of best practice assets, such as securing Office 365 guidance and incident response policies. These are widely circulated and adopted by WARPs and councils. The collaboration has led to increased cyber maturity across local authorities. 

WARPs are community-based services, where members receive and share up-to-date advice on information security threats, incidents and solutions, thereby reducing the burden on individual organisations. Overall, the synergy between CTAG and WARPs has strengthened the cyber resilience of public services and critical infrastructure, ensuring they remain safe and up to date in a fast-paced digital landscape. 

At a national level, collaboration also benefits the public–private sector relationship and helps keep nations safe and up to date with such a fast-paced market. UK Government and industry collaborative efforts in cyber are increasingly important to our progress and ability to ‘defend as one’. Collaboration also benefits public–private sector relationships keeping public services and critical infrastructure up to date within a fast-paced market.

Cyber security – trend summary

Cyber security presents a significant opportunity for public sector organisations and place-based service providers to enhance their operational efficiency, reduce costs and build greater trust with their stakeholders.  

In this analysis, we use real-world examples of cyber security challenges faced and strategies needed by the public sector and place-based service providers to overcome them now and on a continuing basis.

Risks and challenges

  • Technological advancements: The rapid deployment of remote devices, the exponential growth of IoT devices and the emergence of AI and distributed cloud models introduce new vulnerabilities. 
  • System dependencies: Organisations must manage dependencies on various IT services and suppliers, which can complicate cyber protection efforts. 
  • Investment needs: Continuous investment in capacity and capability is necessary to maintain and improve cyber security measures, including up-to-date maintenance and patching of all system components. 
  • Compliance: Introduction of the CAF (Cyber Assessment Framework for local government) may require funding for independent advice, support and audits to objectively address new and changing risk profiles. 

These risks are further compounded by the challenging nature of cyber security itself. 

“The volatile, risk-filled landscape of cyber security so often gives our adversaries free rein to innovate faster than those who create for the online safety of all of us.” 

Danny Dresner, Professor of Cyber Security in the Department of Computer Science and the University’s academic lead for CyberFocus

Incidents 

Our analysis reveals several significant challenges that councils may face because of cyber incidents: 

  • Complete loss of access to IT systems and data: Severe disruption of operations, including housing, revenue and benefits, planning and waste collection services, which affect residents’ daily lives. 
  • Service disruption: Significant service disruptions, with staff unable to access line of business applications and the public unable to make payments or bookings online. 
  • Data exfiltration and potential breaches: Large volumes of data transferred to unknown destinations. 
  • Communication difficulties: Loss of email and IT systems, making it challenging to keep residents and staff informed. 
  • Balancing service restoration with security considerations: Inability to ensure that systems are secure before bringing them back online. 
  • Resource constraints: Limited capacity and capability to recover systems. 
  • Rapid decision-making and response: Unable to act quickly to contain cyber incidents and minimise their impact. 
  • Need for enhanced security measures: Recognising the need for enhanced security measures, such as multi-factor authentication and Endpoint Detection and Response (EDR) solutions, to prevent future attacks. 

These challenges underscore the importance of having robust business continuity plans, IT disaster recovery plans, effective communication strategies and enhanced security measures in place to manage and recover from cyber incidents. 

Emerging threats 

We expect to see growing trends in: 

  • AI-driven cyber-attacks: Increasing use of AI for sophisticated phishing, social engineering and deepfake attacks, leading to identity theft, influence, discredit, fraud and bypassing security measures. 
  • Cloud and IoT vulnerabilities: Targeting vulnerabilities in cloud environments and IoT devices, along with the continuous threat of ransomware, multifaceted extortion tactics and supply chain attacks. 

“AI has enormous potential. To ensure it remains a force for good in the world, we need to understand its threats and its opportunities.” 

Stephen Doughty, Minister for Europe, North America and UK Overseas Territories

Where to start

Security controls and threat response 

  • Keeping pace requires constant reassessment of threats but also embedding advanced security measures, including transitioning to cloud-hosted solutions and implementing Security Information and Event Management (SIEM) from the start to monitor and manage security events. 
  • Adding an extra layer of protection such as Multi-Factor Authentication (MFA) can significantly improve the security of your organisation’s systems and resources. This approach is being widely adopted by local authorities for all staff accounts to prevent unauthorised access.  
  • Detecting and responding effectively to threats on endpoints such as desktops, laptops, and mobile and internet of things (IoT) devices. Endpoint Detection can automatically contain or remediate the threat and alert security professionals. 
  • Establish a cyber incident response plan that outlines what to do in the event of a data breach or other form of security incident. This plan should be comprehensive (covering the complete lifecycle of an incident), tailored for relevant cyber scenarios according to threat intelligence and reviewed at least every 6 months, with staff participating in regular incident response exercises. 
  • Security by design is an approach to software and hardware development that seeks to make systems as free of vulnerabilities and impervious to attack as possible through such measures as continuous testing, authentication safeguards and adherence to best programming practices.  
  • Ensure all systems are secure by design, following a recognised standard such as CIS, ENISA, NIST or equivalent.  
  • Backups and recovery exercises tested at least once every 12 months, with findings being documented as lessons learnt. Backups and recovery will store data in case of data loss caused by a natural disaster, human error, system failure, or cyberattacks. 

Cyber awareness  

  • Emphasising the importance of regular training and awareness programmes to educate all staff about security, cyber threats and data protection.  
  • Appoint a member of the leadership team responsible for cybering in the organisation, for example a chief information security officer or a chief cyber officer. 
  • Board-level reports on cyber risk in services and partnerships, supported by independent advice and audits, will be beneficial. 
  • Conduct regular cyber security risk assessments and implement updates as a result. 

Cyber strategies and policies 

  • Implementing a single internally or externally published cyber strategy that lays out an organisation’s plan for how to secure your assets over at least the next 24 months.  
  • Organisation-wide policies underpinned by the cyber strategy, covering all major security domains and provide robust guidance to staff.  
  • Policies are reviewed at least once a year with board having a clear oversight of this process. 

Collaboration 

These measures will collectively enhance the ability to prevent, detect and respond to cyber threats, thereby improving their overall cyber security resilience. 

Application areas  

A joined-up approach to cyber resilience within and between public service organisations, will help to ensure a collective contribution from public services to wider civic community protection: 

Cyber protection layers graph - circular graph with circular layers like a dart board.

From inside to the outside, in order:
Central controls and ITDR
Data security and management
Applications and internal systems
Endpoint and device security
Access controls and ID
Cloud and distributed infrastructure
Apps and distributed systems
Staff and partners

Frameworks and tools 

  • Maintaining a strong policy framework for cyber practices and associated board level reporting is a key starting point. 
  • There is a wide selection of tools to assist with cyber protection, but the main application areas continue to be focused on people: staff, partners and systems users – vigilance is essential. 
  • Consider the evolving risks from new technologies like AI and cloud platforms early on. 

The UK’s government and NCSC, together with local government organisations have taken several steps to support public sector organisations in addressing cyber security challenges, especially in the context of adopting and using AI for local service delivery:  

  • Cyber Assessment Framework (CAF): This framework has been adapted for councils by the MHCLG (Ministry of Housing, Communities and Local Government) Local Digital Team to help assess and improve cyber resilience and address vulnerabilities that could disrupt critical services.  
  • Collaboration with local digital: The MHCLG Local Digital team is working to reduce the incidence and impact of cyber-attacks on local councils. They are supporting councils in building their cyber resilience and meeting the objectives of the Government Cyber Security Strategy.  
  • Laboratory for AI security research (LASR): This lab brings together experts from academia, industry and government to assess the impact of AI on national security. It aims to develop better cyber defence tools and improve intelligence collection and analysis.  
  • National Cyber Security Centre (NCSC):Cyber security service for schools – The Protective Domain Name Service (PDNS), which is already in place for other parts of the public sector, is designed to help prevent cyber-attacks on schools. 
  • The Cyber Resilience Centre for Wales (WCRC) and Welsh Government: Welsh social care sector gets free cyber security training. The Cyber Ninjas training scheme – which is being rolled out by the WCRC and delivered by Matobo Learning through its platform – provides funding for 2,500 social care training licences in cyber security. 
  • Department for Science, Innovation and Technology (DSIT):National Cyber Strategy 2022 – This document covers key elements of cyber security from implementation to building a resilient and prosperous digital UK.  
  • Secure Connected Places: Cyber Security Playbook (DSIT): A resource offering practical and accessible support to improve the cyber security of their connected places, or ‘smart cities’, across the UK. 
  • Connected Places Cyber Security Principles (NCSC): This guidance recommends a set of cyber security principles that will help ensure the security of a connected place and its underlying infrastructure, so that it is both more resilient to cyber-attack and easier to manage. 
  • Building a cyber resilient service: A guide for directors of children’s services, to support directors and their senior team to develop proactive, protective strategies and capabilities to enhance the cyber resilience of their service; some recommendations are technical, some organisational and some are about your people. 

Can AI help? 

AI is starting to play a pivotal role in enhancing cyber protection and resilience. Here’s how AI is being used to assist in cybersecurity: 

Threat detection and prevention

Machine learning (ML) can identify potential threats faster and more accurately than traditional methods. By analysing vast amounts of data from network traffic, system logs and user activity to identify patterns and anomalies that may indicate a cyber threat. 

  • Intrusion Detection and Prevention Systems (IDPS): AI helps to detect and block intrusions by analysing network traffic in real-time and flagging unusual login patterns and data exfiltration attempts. 
  • Malware detection: AI can identify new and evolving forms of malware by analysing characteristics or behaviours instead of relying on predefined signature databases. 
Public sector example: 

The U.S. Department of Homeland Security (DHS) utilises AI to enhance cybersecurity by detecting potential threats across federal networks.  

The Einstein program uses AI and machine learning to continuously monitor and protect government agencies from cyberattacks by detecting anomalies and blocking malicious activities in real time.

Automated response and mitigation 

AI can automate incident response processes, reducing the time it takes to mitigate threats. For example, AI-driven systems can isolate affected parts of a network, apply patches and restore services without human intervention enabling faster containment and mitigation of security breaches.  

Public sector example: The UK National Cyber Security Centre (NCSC) [PDF] has been incorporating AI into its cybersecurity frameworks to automate the detection of threats and mitigate attacks before they escalate. This includes the automated identification and isolation of potentially compromised systems within critical national infrastructure (CNI). 

Vulnerability management 

AI can assist in identifying, classifying and prioritising vulnerabilities within systems and software. By constantly scanning and assessing the cyber landscape, AI can highlight the likelihood of exploitation.  

Public sector example: The Australian Cyber Security Centre (ACSC) uses AI to automate the identification and remediation of vulnerabilities across government networks, helping agencies improve their resilience to cyberattacks. 

Phishing detection 

Phishing remains one of the most common attack vectors. AI can analyse emails and other communications to identify phishing attempts. Natural language processing (NLP) and machine learning models can identify suspicious content and warn users before they fall victim to scams. 

Public sector example: In Canada, the Canadian Centre for Cyber Security (CCCS) uses AI-powered systems to detect and prevent phishing attacks aimed at federal government employees and the public sector in general. This AI tool automatically flag suspicious emails and links in real-time, reducing the risk of successful phishing attacks. 

Security analytics 

AI enhances the ability to analyse security logs and other data sources to uncover hidden threats. Advanced analytics can correlate events across different systems to provide a comprehensive view of the security landscape. 

Public sector example: The European Union Agency for Cybersecurity (ENISA) uses machine learning algorithms to map out the AI threat landscape, identify trends and forecast emerging threats.  

These applications of AI in cybersecurity help organisations to be more resilient against cyber threats by enabling faster detection, more effective response and better overall security management. 

Advice for digital leaders

Basic: Maintain vigilance to protect applications and network infrastructure from unauthorised access. Be proactive in addressing emerging threats. Stay updated with compliance and regulatory requirements to strengthen security posture; maintain patching and virus checking.

Good: Foster a culture of continuous education and awareness among all employees, staying informed about the latest trends and tactics. Undertake end-to-end testing, compliance checking, change control, regular training sessions, simulations and updates on emerging cyber risks to empower staff to identify and respond to threats effectively.

Best: Engage executive board and political leadership, ensuring that cyber reporting is a routine focus with resources driven by business needs. Develop cyber strategies and policies which integrate cyber resilience into the broader organisational context, including the connection between IT disaster recovery, business continuity planning, emergency response and digital service dependencies within wider civic resilience planning and testing. Establish a Security Operations Centre (SOC), cross-border collaboration and strong supplier management.

Cyber security – a look ahead 

Cyber threats are becoming more sophisticated and far-reaching beyond existing cultural, administrative, organisational and structural borders. Protecting against these threats demands vigilance, proactive strategies and a culture of continuous education and awareness. An increasing concern regarding cyber risk will be the misuse of data, disrupted access to data and the loss of critical or sensitive information. 

The engagement of the executive leadership will be critical to consider how the risks are best managed, not just internally but across their network of linked organisations, suppliers and places. The introduction of the CAF for local government will enhance the capability of public sector and private organisations to adopt comprehensive and collaborative approach to cybersecurity including deployment of internal and external reviewers across linked organisations (such as health and social care). 

Introduction of a Cyber Security and Resilience Bill in UK Parliament is anticipated in 2025 with the prospect of more consistent approaches becoming widely supported and adopted. 

Skills and capabilities will continue to be stretched, while new opportunities are emerging to harness AI for cyber protection, not only enhancing the ability to detect and respond to threats efficiently but also shaping a more resilient organisational structure. AI-enabled cyber compliance and threat protection services will become more common. 

This forward-thinking approach will ensure robust protection against the ever-evolving cyber risks, safeguarding critical data and maintaining operational integrity in an increasingly digital world. 

Case studies: Cyber incidents and recovery plans 

St Helens Borough Council: Managing a cyber-attack

In August 2023, St Helens Borough Council experienced a cyber security incident that impacted its ICT systems and operational activities. Details of the attack in which a large amount of data was taken, how they dealt with the incident and more importantly the lessons we learned are described in this case study.

Gloucester City Council: Managing a cyber-attack and recovery plan

GCC experienced a sophisticated ransomware attack that encrypted its servers and disrupted services. The attack began with a spear-phishing email, which led to malware installation and eventual data exfiltration and server encryption.

British Library: Recovery plan after a cyber-attack

The British Library experienced a significant ransomware cyber-attack by the Rhysida gang, which compromised the majority of the library’s online systems. The attack involved data exfiltration, encryption or destruction of substantial portions of the server estate and forced lockout of all users from the network. 

Case studies: Implementation of security measures 

Safe Durham Partnership: Tackling and preventing cyber enabled crime

Faced with an increase in online crime and harm across a range of themes including extremism, the Safe Durham Partnership developed a holistic approach to address online crime and harm, including extremism, focusing on raising awareness, reducing risk to vulnerable groups and building resilience.

Ministry of Housing, Communities and Local Government (MHCLG): Local Digital’s work on cyber (2020 – present)

The MHCLG Local Digital team is working on improving cyber health and resilience in local government. Their goal is to reduce the incidence and impact of cyber-attacks and support sustainable cyber risk management as part of their commitment to continuously improving cyber security practices.

Cyber strategies (examples)

Useful links


3. Harnessing data

Harnessing data is the cornerstone of place-based public services improvement and transformation. However, the potential for effective data utilisation beyond existing cultural, administrative, organisational and structural borders has yet to be realised. Here, we build on Socitm’s Harnessing Data collection to highlight how the importance of data continues to grow in relevance.  

This trend has been recognised by successive UK governments. The Data (Use and Access) Bill has been re-introduced by the current Labour government with the aim to “harness the power of data for economic growth, support modern digital government, and improve people’s lives.” A helpful overview of the provisions of the Bill and their implications for local government are provided on the LGA website. 

In Europe, it is notable that interoperability is now a mandatory requirement placed on public bodies. As of 12 January 2025, interoperability assessments have become a mandatory requirement across the European Union. This development is a key milestone in the implementation of the Interoperable Europe Act and aims to enhance the delivery of cross-border digital public services. 

Data use is also amplified as organisations increasingly deploy artificial intelligence (AI) to extract insights from data to enhance service delivery and optimise workflows. The effectiveness of AI relies heavily on the quality of the data that is input. However, many place-based public sector organisations lack quality data or the right data skills or governance arrangements to use AI effectively. 

The trend for place-based public sector organisations to prioritise data as a critical resource will continue to accelerate, opening new possibilities and ways of addressing the needs of residents and communities, and overcoming the legacy of silo-based service delivery. 

Harnessing data – trend summary

Overview of the opportunity

Socitm identifies four main ways in which data can be harnessed in place-based public service delivery:

  • Data can be used to identify the distribution of deep-seated societal problems and their underlying causes.
  • Data can inform how to target resources and interventions more effectively as well as the design of preventative measures.
  • Data supports improved internal productivity and overall efficiency.
  • Data is the foundation for deploying many emerging technologies such as AI. 

To understand how data can be utilised effectively for these purposes, there are several key dimensions of data to consider:

Data maturity circle in the middle, surrounded by 4 boxes: Data policies, Data architecture, Risk and Exploitation

Risks and challenges (with solutions)

Data remains a critical yet all too often misunderstood asset for place-based public services. Key areas of risk include: 

  • Data quality: High-quality data is data that is fit for purpose. High quality data is crucial for ensuring the value of the information generated by its use. The quality of data can be assessed through various dimensions, including completeness, uniqueness, consistency, timeliness, validity and accuracy. 
  • Data standards: Standards complement data quality by establishing consistent methods for capturing or storing data. They define the agreed-upon language, concepts, rules, guidance and results. Standards enhance the sharing and integration of data. Establishing and adhering to data standards is crucial for ensuring consistency and reliability in data management.   
  • Data governance: Data governance refers to the activities and processes related to properly managing data within an organisation. This encompasses quality, design, sharing, access and security aspects. 
  • Data sharing: Data sharing involves making the same data resources available to various applications, users and organisations. This process encompasses technologies, practices, legal frameworks and cultural elements that ensure secure data access for multiple entities while maintaining data integrity. Effective data sharing across organisational borders relies on the quality, standards and matching of data. 
  • Data privacy, protection and security: Data privacy, protection and security concern how data is handled and stored. Given there will be further reliance upon AI, inputting data into AI brings its own privacy and security risks and so greater scrutiny will be needed.  
  • Data ethics: Data ethics involves the ethical and moral obligations associated with collecting, sharing and using data, with a focus on ensuring that data is used fairly and appropriately. In public services, data often relates to services, individuals and personal circumstances, making ethical considerations vital. 
  • Data literacy: Data literacy is the ability to explore, understand and communicate with data in a meaningful way. Developing data literacy is important for understanding and using data effectively within and across a network of organisations.  
  • Data skills: Data skills are understood as having the technical knowledge and capability to deliver data projects.  

Socitm, together with organisations such as the London Office of Technology and Innovation (LOTI), argue that the ability to use data as a resource is considered an essential skill for public sector organisations to function effectively and meet residents’ needs. This ability requires access to a variety of skills, including information governance, data visualisation, data science and data architecture, among others. 

Here, we examine these key risks and challenges and potential solutions highlighted by Socitm and our relevant partners: 

Risks and challenges  Solutions 
Data quality: Errors in data or incorrect analysis can lead to significant organisational liabilities and potential penalties.

AI intensifies these errors because it relies on high quality input data. Poor input data results in poor output.  
The Government Data Quality Hub (GDQH) advises achieving data quality through good design, architecture and collection methods.

GDQH also recommends documenting data with metadata, prioritising quality assurance, automating workflows and developing reproducible analytical pipelines to reduce errors.  
Data standards: Unconnected technology solutions often can’t share data. This issue is worsened by organisational reluctance to adopt data standards due to a lack of understanding and capacity to develop and enforce them. The Local Digital team at the Ministry of Housing, Communities and Local Government (MHCLG) argues for a consistent data description across services and data standard to improve efficiency and effectiveness of services outcomes.

An open standard enables data sharing via APIs, streamlining processes and reducing errors. This also helps address market conditions by easing the switch between products and integrating new technology modules.

To be effective, standards must be widely adopted by councils and their technology suppliers.  
Data governance: A lack of governance in leadership, policies and strategies for data usage. This issue will grow as AI usage increases.  Data leaders should define clear roles, responsibilities, accountabilities, policies, principles and structures for effective data management. This mitigates cyber risk but also prepares for new opportunities like AI.

For example: A data strategy; information governance agreement; comprehensive policy and use documents.

Staff need to be aware of and adhere to these governance arrangements.  
Data sharing: Accessing data across different organisations has been a longstanding challenge due to the need for information governance processes and data sharing agreements to be put in place first.

These processes which are designed to protect data, such as restricting the reuse of data for purposes beyond its original intent further complicate how data can be shared.

Collaboration supports data sharing, but senior leadership often resists due to a lack of understanding which holds back progress in innovation.  
Public sector organisations should continue to strengthen external collaboration efforts and aim for open data sharing where possible with other organisations because it can aid innovation. There is an increasing demand for data sharing between the NHS and local government.

Collaboration is going to become a necessity with tightening budgets and larger councils will be expected to support smaller councils in service delivery.

A pan-London information governance document is being developed for use across London boroughs and which could also be used by councils in other regions. 
Data privacy, protection and security: AI will put greater pressure on Information Governance teams to manage data and amplify existing data privacy and (cyber) security risks, which include data leaks and loss, misuse and mishandling, theft and breaches.   Security and cyber awareness skills are now more crucial than ever for our safety. The Municipal Information Systems Association (MISA-Canada) states that public sector organisations must maintain data privacy, protection and security principles.

Organisations should consult the National Cyber Security Centre (NCSC)’s Cyber Assessment Framework (CAF) which assesses and improves cyber resilience and address vulnerabilities that could disrupt critical services.

The MHCLG’s Local Digital Team is working to support councils to adopt the CAF, to reduce the incidence and impact of cyber-attacks, to build cyber resilience and to meet the objectives of the Government Cyber Security Strategy. 

On a smaller scale, organisations should pay attention to data sensitivity, classification and retention management with new technologies. By prioritising tagging and labelling data based on sensitivity to ensure privacy compliance and prevent unauthorised access. Refer to the UK Government’s Classifications Policy.  
Data ethics: Ethical challenges include data sourcing, repurposing data beyond its original intention, insufficient security measures for storage, methods of anonymisation and the preparation of data for use.   Local governments must be transparent about data collection and usage, informing citizens about the data collected, its purposes and their rights.

Public sector organisations should ensure new data projects benefit the public and evaluate potential harms.

As AI technologies gain prominence, transparency becomes crucial due to concerns about biases and training data quality.  
Data literacy: Misinterpretation of data caused by lack of skills and poor data quality.  Continuous training and upskilling for all citizens and staff, regardless of their data expertise, is essential.

MISA-Canada notes that in hybrid work environments, securing data in applications such as Microsoft Teams, SharePoint and Dynamics 365 is crucial. This requires using sensitivity labels for access controls and cloud-native security tools for real-time data protection.  
Data skills: Recruiting and retaining talent with essential data skills alongside reduced council budgets.

Many councils lack the capability to deliver data projects and have varying degrees of technical proficiency. This issue may worsen as new technologies emerge, requiring new skills.

The lack of data skills is exacerbated by leaders who are not equipped to support this work effectively. Leaders often lack understanding in this area, which prevents them from providing proper guidance.

As AI advances and new skills are needed for emerging technologies, many organisations still lack fundamental data skills. This gap in understanding will contribute to an increasing digital divide and exclusion. 
Investment in business cases for acquiring the right skills and innovative approaches to sourcing, sharing and recruiting staff with data skills is essential.

Attracting talent to the sector is crucial. Place-based public sector organisations must improve their presentation and marketing in this area, especially digitally, to make it more appealing for individuals with the right skills to apply.

For example: Implementing the DDaT framework or similar to create a local government digital and data career pathway; offering remuneration and rewards that reflect the value innovators bring to the public sector.

Regular training to maintain skills as technologies such as AI continue to develop are critical to avoid the widening digital divide.

However, all of this is not possible until leaders are equipped with the necessary knowledge and language to understand and support data efforts beyond just IT. 

Early benefits

  • Ensuring a strong policy for use of data, not only helps to mitigate cyber risk but is an essential preparatory step for adoption of new opportunities such as AI. 
  • Using data to predict and prevent future demand for services which are already under pressure involves setting data standards, processing data and simplifying systems to ensure accurate data capture. 

Where to start

Public organisations that are unfamiliar with harnessing data should consider the following steps:

  • Above all and as a first step, be clear about the outcomes and applications sought by harnessing of data. 
  • Develop access to data skills and senior level responsibility for data across the whole organisation.  
  • Data assets of the organisation need to be understood – quality, appropriateness, value and cost. 
  • Focus on data quality and consistency in standards and use across application areas. 

Application areas

Across the public sector there is a trend of harnessing data to enhance public services, build trust and improve outcomes for residents. The following list gives an indication of the emerging themes observed across the sector (the case studies section below, highlights these examples in more detail): 

  • Place-based insights: We see a growing trend in harnessing data from diverse sources to better understand the social, economic and environmental challenges facing communities and places. A particular example is the Place Insights platform offered by Socitm in a partnership with Impera Analytics. Incorporating a Social Progress Index (SPI), the platform analyses how well a society (community of people living in a particular area) is doing by measuring its social and environmental performance. 
  • Data driven interventions or services: Data analytics and machine learning can generate results that are evidence-based and serve residents with more targeted outcomes e.g. predictive analytics for infrastructure maintenance or heatmaps of citizen service usage to prioritise investments. 
  • Data quality and integration: Councils have worked to improve data quality and integration across their departments and systems by linking data with Unique Property Reference Numbers (UPRNs) and using the Local Land and Property Gazetteer (LLPG) as the main reference for property data. 
  • Community engagement and communication: Councils are improving relationships with residents by transparently communicating how their personal data is handled. Public sector organizations are using data and community involvement to shape policymaking, especially in AI technology deployment. 
  • Proactive and data-driven interventions: Councils and universities are utilising data dashboards and platforms to identify and address issues proactively, such as housing and mental health, enabling early support and preventative interventions. 
  • Emergency response and vulnerable populations: Data identifies vulnerable households during emergencies to ensure they receive support. Linking data from various sources has improved emergency response and planning through multi-agency collaboration. 
  • Cross-department and multi-agency collaboration: Many projects emphasise the importance of collaboration across departments and agencies to improve service delivery and decision-making, particularly with regard to data sharing. 

Can AI help? 

The development of AI will put greater pressure on data, amplifying risks and requiring new skills. However, there are some dimensions in which AI can help with data management: 

  • Data collection: AI tools can help with data collection (ingesting from multiple sources) and preparation (cleaning and organising for analysis) (Google). 
  • Data analysis: AI models can identify patterns, correlations, anomalies and trends in the data (Luzmo). 
  • Data quality: AI-powered data cleansing algorithms can automatically detect and correct errors, standardize formats and resolve duplicates in advanced ways (Plauti).   
  • Data privacy, protection and security: Effective retention management strategies reduce risks and storage costs. AI-driven solutions automate compliance checks and ensure records are archived or destroyed as needed (MISA-Canada). 
  • Data reporting: AI can automate report generation, saving time and ensures that all employees have access to the same information in a timely manner, regardless of their location or background (Datacamp). 

Note: When applying AI to data, exercise caution. Ensure you have the necessary permissions, follow data security procedures and conduct risk assessments before implementation in your organisations. 

Advice for digital leaders

Basic: Collaborate not only with public but also with private sector organisations to strengthen data capability and capacity. Explore ways to address the sector-wide issue of data skill shortages by innovating recruitment and retention approaches. Utilise procurement to supplement data skills gaps.

Good: Establish governance frameworks to ensure that data is used effectively and securely. If your organisation does not have board level responsibility for data, consider how this might be achieved and what data or information governance is needed. Consider data outside the organisation on which services depend (e.g. knowing what data has transitioned to the cloud) and define corporate and place-based data architecture and cyber protection accordingly.

Best: Invest in technologies such as the SPI (offered by the Place Insights partnership between Socitm and Impera Analytics) to extract actionable data insights. Develop AI governance, skills and understanding:

Artificial intelligence (AI): What senior leaders in local government should know (Socitm)

Sample terms of reference for an Artificial Intelligence Governance Board (Socitm)

Sample corporate policy document for use of Generative Artificial Intelligence (Socitm)

Using Generative Artificial Intelligence Large Language Models – Do’s and dont’s (Socitm and ALGIM)

Harnessing data – a look ahead 

The importance of data will continue to increase among place-based public sector organisations aiming to enhance service delivery with data alongside AI. 

Using data to help predict and prevent future demand for services that are under pressure will require improving data standards and data processing, along with simplifying systems to ensure data accuracy from the point of capture. 

It is crucial for senior leaders, including politicians, councillors, chief information officers and digital leaders to prioritise improving their data skills, to invest in their organisation’s data capabilities and to guard against risks by ensuring that data is utilised responsibly, securely and ethically as a resource. 

An outstanding issue remains control over the ownership of an individual’s personal data. Over recent years there have been various attempts to wrest control of personal data from organisations and place it in the hands of the individual with ‘data vaults’ being proposed as the solution. The following diagram illustrates the impact and opportunity that this offers for greater innovation and improved services. 

Innovation graph
Individual data ownership and innovation. Source: Ruben Verborgh

We hope this trends analysis has demystified data as a concept by explaining its key dimensions: data quality, standards, governance, sharing, privacy, protection, security, ethics, literacy and skills, so that you can utilise data more effectively in your organisations. 

In summary, the key dimensions of data and the steps place-based public sector organisations can take to utilise it effectively beyond 2025 will continue to be: 

  • Maintaining high-quality data, adhering to established standards, implementing robust governance practices and facilitating effective data sharing across organisational borders. 
  • Ensuring data privacy, protection and security, especially in the context of AI reliance, and prioritising responsible data handling and storage. 
  • Ethical use of data, particularly being transparent with citizens about data usage to foster trust. 
  • Emphasising data literacy and skills, highlighting the need for training and addressing sector-wide data skill shortages.  
  • Senior leaders need to adopt a comprehensive approach to data and AI management, encompassing quality assurance, adherence to standards, robust governance, effective sharing, and stringent privacy and security measures.  
  • Information governance and cyber security efforts remain the foundation of good data use.  

Case studies: Social progress index

Impera Analytics and Brent Council: Brent Council’s Social Progress Index 

Brent Council’s SPI provides data-driven insights on key social indicators like education, and health and safety. Partnering with Impera Analytics, the council uses this data to make informed decisions, prioritise resources and empower communities. The SPI aims to enhance well-being and set a new standard for data use in local governance. 

Impera Analytics and Luton Borough Council: Luton Borough Council’s Social Progress Index 

Luton Borough Council faced challenges in understanding population outcomes and data maturity. Partnering with Impera, they developed an SPI and provided training to enhance data literacy. The SPI informed policy design established a baseline for the Luton 2040 vision and increased transparency, showcasing the council’s commitment to data-driven decision-making.

Case studies: Data standards

Ministry of Housing, Communities and Local Government (MHCLG) – Local Digital: Driving Adoption of Open Referral UK

The Local Digital team at MHCLG is implementing a three-year plan to adopt the Open Referral UK (ORUK) data standard across local government. This initiative aims to streamline community service information sharing, save councils millions annually and improve access to quality information for citizens while enhancing administrative efficiency.

Case studies: Data ethics and data literacy 

London Borough of Camden: Data charter and AI technologies

Camden Council’s Data Charter ethically manages residents’ personal data, including AI technologies. Originally launched in 2021, this aimed to initiative build trust and ensure responsible data use. In 2023, the charter was updated to improve communication about data practices (particularly around AI), making information accessible in various formats and languages. This project enhanced trust, transparency and understanding of data use among all residents.

Impera Analytics and Birmingham City Council: City Observatory

Impera Analytics created the City Observatory platform to help Birmingham City Council provide accessible and transparent data to residents and stakeholders. It consolidates diverse datasets into a user-friendly hub, showcasing ongoing monitoring activities and long-term trends. This approach enhances data transparency, improves strategic insight generation, and fosters greater engagement and understanding among the community.

Impera Analytics and Northern Ireland Executive Office: Redefining engagement and shaping policymaking

Northern Ireland Local Government Association (NILGA), in partnership with Impera Analytics, hosted the first-ever Citizen Led Impact (CLI) training for council officers in Northern Ireland. The aim of the event was to redefine public engagement and shape policymaking using data, insights and community involvement. As a result, participants should be able to take a more inclusive and effective approach to governance and decision-making.

Case studies: Data sharing

Welsh Government: Sharing data to support vulnerable people in Wales

The JIGSO project, led by the Joint Emergency Services Group Wales (JESG), supports vulnerable people through data-driven processes and multi-agency collaboration. By using Unique Property Reference Numbers (UPRNs) to link data, it provides emergency responders with crucial information, enabling faster, more targeted responses during crises and better scenario planning.

Case studies: Targeted services and interventions with data

Stockport Council et al: Family Context data tool

A Local Digital programme funded project led by Stockport Council in partnership with Leeds City Council and Manchester City Council. Stockport’s Family Context data tool connects information across systems and organisations, providing staff in children’s services with easy access to family information and saving time. The tool has proven effective for the council and has delivered tangible benefits, even though it has not been widely scaled due to the complexities associated with reproducing the data work needed to link data stored across systems and organisations.

Westmorland & Furness Council et al: Rapid identification of vulnerable households

A Local Digital programme funded project led by Westmorland & Furness Council with multiple councils in the north of England, the VIPER tool helps identify vulnerable households during emergencies, ensuring they receive the support they need. It replaces manual, paper-driven processes with a digital solution, allowing multi-agency access to critical information. This approach improves emergency response, enhances collaboration and reduces risks for vulnerable populations.

London Boroughs of Hounslow and Brent et al: Data platform for frontline care workers

Hounslow and Brent in collaboration with other councils and organisations developed a multi-agency data platform to equip frontline adult social care workers with better information about the residents in their care. This initiative improves collaboration and decision-making, enhancing service delivery and care for vulnerable residents.

London Office of Technology and Innovation (LOTI), London councils, the Greater London Authority (GLA) and Bloomberg Associates: Homelessness data tool

The Homelessness data tool project, led by LOTI in collaboration with London councils, the Greater London Authority and Bloomberg Associates, aims to design and deliver a data tool to support the Life off the Streets programme. This tool provides strategic insights into rough sleeping pathways and interventions, helping to make rough sleeping rare, brief and non-recurrent in London.

Westminster City Council: Air Quality Data Platform

Westminster City Council’s Air Quality Data Platform, launched in July 2023, provides accessible air quality information. Aligned with the Fairer Westminster Strategy, it consolidates diverse data into a user-friendly hub, showcasing monitoring activities and pollution trends. It includes health and deprivation data to highlight environmental inequalities, fostering greater engagement and understanding among residents.

London Borough of Barnet: Cost of Living Data Explorer

The Cost of Living Data Explorer is a publicly available PowerBI dashboard that helps Barnet Council understand the impact of the cost of living crisis on its residents. By combining various data sources, the tool provides insights into local needs and vulnerabilities, enabling the council to target support and interventions effectively. This approach enhances data-driven decision-making and improves service delivery for residents.

LOTI and the GLA: Damp and mould management

LOTI and the GLA are developing a data-driven approach to address damp and mould in social housing. The Pan London IoT Damp and Mould Project aims to use IoT sensors to address damp and mould issues in London homes. By deploying sensors across 18 boroughs, the project seeks to identify root causes, monitor improvements and gather data for strategic decisions. This initiative enhances health and wellbeing by ensuring safe living conditions for residents.

Northumbria University: Supporting students’ mental health

Northumbria University used data analytics and a dashboard to identify students at risk of mental health issues. This initiative provides early support by analysing data related to student behaviour and engagement, enhancing understanding of factors affecting student well-being and academic performance.

Useful links


4. Geospatial technologies

Geospatial technologies and location intelligence are crucial for a wide range of public sector applications, providing valuable insights that can inform decision-making, drive innovation, economic growth, efficiencies and cost savings. Effective use of data also lies at the heart of ‘connected places’, overcoming barriers and transcending artificial borders – cultural, administrative, organisational and structural – to achieve better social, economic and environmental outcomes for people, communities and places, as recognised in the UK’s Geospatial Strategy 2030.

“Geospatial AI can process the expanding data about land to unlock its information and turn it into actionable insights. The Alan Turing Institute define ‘geospatial AI’ as AI applied in a geospatial context.”

Alan Turing Institute

Over recent years our research has assessed the opportunities generated by location intelligence, drone technology and digital twins and AI. All of these developments, alongside new sources of data from satellites and elsewhere, continue to gain prominence with an increasing number of applications in public services. For instance, land use is a key topic for UK government, in particular related to the need to build more houses and how changes to the planning process can facilitate meeting this objective.

The utilisation of geospatial data needs to be considered in the context of broader strategies for harnessing data. We afford the topic special treatment here as an often overlooked source of valuable insights.

Rapidly reducing costs of satellite and drone technologies are opening up new possibilities for collecting and using geospatial data to address hitherto unsolvable problems. When connected to geographic information systems (GIS), IoT data, artificial intelligence (AI) and global positions systems (GPS), these ‘spatial reality’ tools can use data and information in new ways to solve problems:

Applied spatial technologies

Applied geospatial technologies:

  1. Connected places data analysis
    The move beyond ‘smart cities’ towards whole system working and ‘connected places’, whether rural or urban, is a major shift for public service design, connecting data and services in new ways around citizen needs.
  2. AR, VR and ‘digital twins’
    Augmented reality, virtual reality and the ability to use ‘digital twin’ modelling to test virtual services and scenarios before designs are finalised has become a powerful tool for public services with a compelling ROI (return on investment), as evidenced by Nottingham City Council.
  3. Preparing for and responding to social, economic and environmental challenges
    Many of the problems facing societies today pay no respect to political, physical or other types of borders. Viewed through a geospatial lens, the COVID-19 pandemic reinforced the unprecedented need for data, geospatial information, enabling technologies and insights for governments and citizens across the globe, to not only enable decision-makers to inform policies and planning, but to also minimize the risk to people
  4. Tracking and connecting resources
    Assets and resources such as utilities, buildings, equipment, sensors, street furniture are increasingly diverse and connected – as recognised in the UK’s NUAR initiative, designed to create a complete national database of underground utilities. 

Earth Observation data is an increasingly important component of the geospatial ecosystem. Accelerated by the return of the UK to involvement in Copernicus from the start of 2024, this European initiative seeks to operationalise the use of these data in decision making across six application domains.

Copernicus services: Atmosphere, Security, Climate change, Marine, Emergency, Land
Copernicus services

Atmosphere − The Copernicus Atmosphere Monitoring Service (CAMS) provides continuous data and information on atmospheric composition. The service supports many applications in a variety of domains including health, environmental monitoring, renewable energies, meteorology and climatology. The service focuses on air quality and atmospheric composition; ozone layer and ultra-violet radiation; emissions and surface fluxes; solar radiation.

Marine Monitoring − The Copernicus Marine Environment Monitoring Service (CMEMS) provides free, regular and systematic authoritative information on the state of the Blue (physical), White (sea ice) and Green (biogeochemical) ocean, on a global and regional scale. It contributes to combating pollution, marine protection, maritime safety and routing, sustainable use of ocean resources, developing renewable marine energy resources, supporting blue growth, climate monitoring and forecasting.

Land − The Copernicus Land Monitoring Service (CLMS) provides geospatial information on land cover and its changes, land use, vegetation state, water cycle and Earth’s surface energy variables. It supports applications in a variety of domains such as spatial and urban planning, forest management, water management, agriculture and food security, nature conservation and restoration, rural development, ecosystem accounting and mitigation/adaptation to climate change.

Climate Change − The Climate Change Service (C3S) provides authoritative information about the past, present and future climate in Europe and the rest of the World. It provides climate data and information on impacts on a range of topics including biodiversity, shipping, tourism, water management and health.

Security − The Copernicus service for Security applications aims to support by providing information in response to Europe’s security challenges. It improves crisis prevention, preparedness and response for border and maritime surveillance, support to security services.

Emergency Management − the Copernicus Emergency Management Service (Copernicus EMS) provides users involved in the management of natural disasters, man-made emergency situations, and humanitarian crises with timely and accurate geo-spatial information derived from satellite remote sensing for integration with existing geospatial datasets.

Alongside an understanding of the opportunities, attention must be given to awareness and trust. For example, 77% of respondents in a recent survey were unfamiliar with connected places and expressed limited trust, especially in private sector-operated technologies. Environmental monitoring garnered the highest trust, while data-gathering technologies raised concerns. Only 15% said they would trust technology managed by central government and 14% by local government.

With growing availability of data and demand for location-based intelligence systems, the deployment of geospatial technologies will be a growing priority for place-based public services.

Geospatial technologies – trend summary

Overview of the opportunity

  • Understanding opportunities, such as infrastructure and asset tracking, service modelling and virtual service design can help to optimise a wide variety of public services, as well as well as exposing and managing connectivity vulnerabilities and barriers.
  • Using geospatial technologies, offers new ways of viewing, delivering and managing services, with more insightful place-based metrics.

Risks and challenges

  • This remains a relatively new area for public service, despite much experience in the use of geographic information systems.
  • Risks with this developing area lie more with the data quality and interpretation than the technology itself so improving skills and awareness of data management will help greatly.
  • Sharing data insights and best practice publicly will help to mitigate the risks for others embarking on this area.

Early benefits

Early benefits will lie in being able to understand data insights and their benefits in a range of planning areas – civic space planning, infrastructure risks and testing different virtual scenarios of new service designs.

Application areas

Examples include: 

Planning and development: Geospatial data helps planners to determine the best locations for new infrastructure, assess the impact of development on the environment and plan for future growth.

Environmental management: Monitoring and managing natural resources using geospatial data allows scientists to track changes in land use, deforestation, air and water quality, and wildlife habitats, and to develop strategies to protect the environment and ensure sustainable use of resources.

Disaster management: In the event of natural disasters such as earthquakes, floods, or hurricanes, geospatial data is invaluable, geospatial data is used to map affected areas, assessing damage and coordinating relief efforts. Real-time spatial data is also being used to predict and mitigate the impact of future disasters.

Transportation and navigation: Geospatial data is the backbone of modern navigation systems. It is used to plan routes and manage transportation networks, optimising traffic flow, reducing travel time and improving overall transportation efficiency.

Public health: In the field of public health, geospatial data is used to track the spread of diseases, identify health trends and allocate resources effectively.

Agriculture: Farmers use geospatial data to monitor crop health, manage irrigation and optimise the use of fertilizers and pesticides. Precision agriculture relies heavily on geospatial data to increase crop yields and reduce environmental impact.
  • Standardised addressing and accurate street data has the power to transform people’s lives. In the UK, GeoPlace is the guardian and champion of that information on a national scale.

Advice for digital leaders

Basic: Select specific application areas that will deliver tangible benefit in the short term, whilst building a picture of long-term possibilities.

Good: Understand the possibilities generated by geospatial technologies and data, linking these to short, medium and long-term investments. For example, using VR and AR to help with planning of virtual services and spaces and geospatial data to help map community assets.

Advanced:
Consider the potential of geospatial technologies and data in the context of business and digital strategies, initiating conversations with service and other digital leaders about the possibilities. This includes making the connections between individual technologies such as VR, AR, AI, IoT and tools such as digital twins.

Case studies from around the world

GeoPlace: Nottingham City Council predicts impressive 6:1 ROI on use of address and street data

Nottingham City Council is seeing impressive returns from its investment in geocoded address and street data, and the use of that data across the organisation. Results of an in-depth study show the council generated an estimated Return on Investment (ROI) of over 4:1 between 2018 and 2022.

Department for Science, Innovation and Technology (DSIT): UK to pilot use of innovative EO technology for public services

The Geospatial Commission pilot will see public sector bodies able to access and test high resolution Earth Observation (EO) data and services.

Major Cities of Europe: How technology can help manage climate change

This presentation by Dr Alan Shark to Major Cities of Europe’s annual conference (2023) sets out how technologies such as VR, AI, visualized data and advanced data capture can help to mitigate and manage the impacts of climate change.

The Association for Geographic Information: Deeper understanding of customer and neighbourhood

They undertook a range of analyses and produced a series of thematic maps, an overall “index of vitality” to help advise on areas that had potential for development or better neighbourhood development.

Local Digital: New research finds investment in 3D modelling delivers double returns in town planning benefits

While many Local Planning Authorities (LPAs) recognise the potential of cutting-edge technologies to revolutionise their planning processes, justifying the initial and ongoing investment can be a significant hurdle. New research, commissioned by Nottingham City Council, now provides compelling evidence that the investment in 3D (three dimensional) modelling and geospatial technology not only brings tangible benefits but delivers substantial financial returns.

City of Helsinki: The 3D City Models of Helsinki

The 3D City Models of Helsinki, also known as the city’s digital twin, are a virtual rendering of the city’s environment, operations and changing circumstances. The models can be used as a design tool, network service or game engine platform. They can be used to measure volume, elevation differences, distances and surface areas and are dimensionally accurate to within 20 centimetres of reality.

ConsultingWhere: Global Inventory of Geospatial Value Studies

The GeoVSI is an online searchable collection of geospatial value studies developed by United Nations Member States and industry experts to help justify investments in geospatial data and systems. The site provides a summary of each study, search facilities and links to the full studies.

Geospatial technologies – a look ahead

The UK Geospatial Commission’s sector market report 2024 values the geospatial sector at £6 billion annually, employing over 37,500 people and attracting £1.2 billion in investment since 2013. The UK geospatial market is expected to grow at a compound annual growth rate (CAGR) of 11.26% from 2025 to 2030. The geospatial sector is being transformed by new technologies, including AI, machine learning, and cloud computing.

Geospatial technologies and location intelligence will continue to grow as an exciting area of innovation. Powered by increasing availability of location-based data, above and below ground, it can be used to reconfigure and even invent new services to meet the needs of people, communities and places.

The challenge in public service application will be to retain public trust in these increasingly personalised, localised, sophisticated and portable digital services, and to consider how emerging geospatial technologies and the influence of the big technology companies can be harnessed and managed in ways that are ethical and safe.

Useful links


5. Infrastructure and cloud

IT infrastructure and cloud-based services are coming under increasing pressure to cope with new volumes and demands for flexibility and resilience in ‘connected places’. Burgeoning costs and lock-in to big IT suppliers are concern. In many public service organisations and in the wider communities they serve, there will be a need to reassess infrastructure, needs and capabilities: 

  1. Interoperability requirements across systems, organisations, hybrid cloud platforms and data sets are requiring a reassessment of the flexibility, standards and structures for distributed infrastructure. Modern IT infrastructures are distributed, complex and depend on new tools to offer security and performance across distributed cloud networks. 
  2. In many organisations investment levels in IT infrastructure have not kept pace with demand and digital developments. It can be hard to persuade business leaders of the need to invest until something goes wrong, whilst infrastructure costs are increasing. 
  3. Well-designed infrastructure is the basis for managing a complex patchwork of data sets across different cloud and internal systems. Increased complexity, with a growth in apps, systems and new technologies, such as AI and IoT, require a reassessment to ensure coherence and consistency for compliance and reporting. 
  4. IT infrastructure architecture design is the key to simplified, flexible and secure access to an increasingly complex mix of data and systems. The demands for increasing flexibility to enable new styles of working and security in the face of growing cyber threats, requires continued focus. A key requirement is ubiquitous Wi-Fi, mobile and broadband access for all, not just focusing on 5G and beyond. 
  5. As many IT suppliers offer a cloud-only service, it is essential that public sector IT infrastructure can embrace this, without compromising compliance, security, or data controls. At the same time, organisations need to be able to retain in-house services where they choose, particularly to control cost and maximise value. 
  6. The growth of digital services and dependence on these, coupled with the explosion of data and information from new technologies, is driving unprecedented levels of data processing, straining existing IT infrastructure to its limits. Often a complete reconfiguration is required, not just upgrading infrastructure capacity. 
  7. New technologies are available to optimise IT infrastructure, such as MPLS networks, delivering a level of observability of IT performance, opportunities for cost savings and risk mitigation that might otherwise be hidden. Increasingly complex, distributed, dynamic, intelligent and self-managing infrastructure services typically require reconfiguration and modernisation of traditional IT infrastructure. 

Over the last few years, the use of cloud computing and its potential to transform public sector IT infrastructure has changed significantly. The debate will move beyond whether cloud is a safe way of processing data and hosting systems in the public sector to one in which cloud is now an integral part of all technology architectures. 

Many digital leaders will be reviewing their chosen cloud services to fit with changing infrastructure needs and to contain costs. This is driven by post-Covid working practices (anywhere, anytime, any device), software suppliers moving to a ‘cloud only’ delivery model and by the use of new ‘heavy-duty’ processing applications, such as generative AI, which cannot be run in traditional ways. 

Public sector digital leaders report not only that they are migrating to primarily cloud-based infrastructures, but the way they do so is governed by issues such as cost, resilience and data control as much as cyber security. 

“Effective management of our asset portfolios is a priority for the council; access to accurate and reliable data will enable us to make evidence-based decisions and is essential to successfully deliver our objectives. Civica’s cloud platform will support our dynamic nature and provide a truly flexible and adaptable solution.”

Cllr Tony Costigan, East Hampshire’s portfolio holder of property

Digital leaders will need to ensure a degree of control of hybrid and distributed (shadow) IT, since this can create huge hidden costs, risks, and inflexibilities for the future. In particular, public service organisations need to control devolved authority to buy new systems that do not comply with governance, data standards, security requirements, or deliver wider corporate value. Strong internal policies that control the choice of solutions and how they are used, including cloud-based systems will become increasingly important. 

Cloud considerations

Cloud considerations

  1. Data security 
    How are cyber practices and incidents reported (including near misses)? What tests are carried out and how frequently? Are staff cyber-trained and will they comply with the expectations of the client for high levels of data probity (e.g., ‘cyber essentials+’). The same time, avoid being locked into portrait, proprietary cloud, data models. 
  2. Cost and value 
    Has the total cost of ownership of the cloud service been considered, including indirect costs? Does the contract restrict the supplier from hiking up service charges? Are there hidden costs or constraints such as data migration? How is this measure and reported on a regular basis by the supplier? 
  3. Data controls 
    Does the platform, the supply chain and supplier practices exhibit the necessary controls and protections reflecting the nature of the service and the data held? How are data controls checked and reported. 
  4. Observability and audit 
    Are there limits on how the client can review performance and data management practices of the supplier? How will audits be undertaken (as if it were an ‘on-premise’ IT function)? Can the totality of IT infrastructure and data use be understood, or has it become invisibly fragmented? 
  5. Service risk 
    How does the hosted service link to other services, systems and data stores within the organization? How are these interdependencies managed? How have business continuity plans been aligned and tested? What IT disaster recovery plans are in place? 
  6. Contract flexibility 
    How much flexibility is there in the contract – growth or increases, adding systems or partners, exit clauses, performance improvements? It is important that a growing range of cloud contracts for public bodies can easily be managed as whole, with consistency of practice and expectations. 
  7. Infrastructure compliance 
    Does the infrastructure, design comply with the clients’ standards, practices and the regulatory framework within which it needs to operate? Does it compromise any part of data architecture, access controls or networking protocols supporting wider mobile flexible working? 

Infrastructure and cloud – trend summary

Overview of the opportunity

IT infrastructure can sometimes be taken for granted in public service organisations outside IT. A commonly held view is that technology is something “under the bonnet” or “in the data centre”. The opportunity is to explain the unique and critical connection between IT infrastructure and the delivery of front line digital public services.

Risks and challenges

  • The dependency on infrastructure, its resilience, as well as its flexibility, is becoming a significant risk and challenge for public service organisations. 
  • IT disaster recovery with business continuity plans should be tested every year against a variety of different scenarios. The key dependencies on IT infrastructure and potential vulnerabilities need to be visible at Board level. 

Early benefits

Effective management of IT infrastructure to ensure its resilience, performance, security and adaptability, will be a key enabler of some of the digital trends described in the report. Without this, it can undoubtedly become a significant barrier to progress.

Application areas

  • Fibre to the home, easy to access and secure Wi-Fi in public places, and strong mobile network coverage everywhere are as important as 5G projects. 
  • Reviewing existing cloud applications, foundations (policies, supplier criteria, data requirements, compliance) and data dependencies to identify opportunities for optimisation, efficiency, or resilience improvements. 

Advice for digital leaders

Basic: IT estate and infrastructure need to be clearly documented and managed, including inter-dependencies, in order to understand and manage risks.

Good: Undertake capacity forecasting and planning, and the link digital technology and data plans to their IT infrastructure implications.

Advanced: Ensure that infrastructure development plans are signed off at board level and in advance, anticipating upgrades, costs, changes, disruption and the value that infrastructure investment can bring to wider digital opportunities.

Case studies from around the world

East Hampshire District Council: East Hampshire Council plans new cloud deployment

The council is preparing to move the management of its property, estates, and asset information onto a single cloud platform.

The Icelandic Ministry of Finance and Economic Affairs: Digital Iceland

An ambitious initiative to accelerate the digital transformation of public services in Iceland in 2019. The overall goal was to streamline the way citizens and businesses access government services by creating more efficient, effective, and user-centric digital services and infrastructure.

Infrastructure and cloud – a look ahead

This theme will continue to grow in importance to encompass support for an increasingly complex inter-connected array of data sets, systems, cloud platforms and networks. This will include intelligent and self-managed infrastructure solutions, as well as dynamic infrastructure that manages a distributed network of technology resources within and beyond the organisation. 

Some of this ‘infrastructure as a service’ (IaaS) will be driven by cost and the practicalities of demands on IT. But much will also be driven by data: the need for flexible and connected data access across multiple physical domains connecting the interests of individuals and their communities. 

This means that organisations must ensure that they have a proper grip on IT infrastructure planning and management, not just relying on the marketplace to deliver whatever is necessary to support their commissioned service offerings. 

Local public services need to work together to ensure resilient, secure and ubiquitous access to sufficient infrastructure capability and capacity to support digitally connected places, working across cultural, administrative, organisational and structural borders. In some countries and in many cities, this is already well advanced. But in other places and in many rural areas, the focus on urban development (and technologies such as 5G and 6G) has left many rural communities behind. 

There are many other technologies and potential digital trends not listed here that we came across during research. It is not that these are unimportant, just that they appear lower down on the list of priorities and practice. 

For example, here are a few of the technology trends that we have covered in previous years: 

  • Low Code/No Code: Increasingly used in many organisations as a ‘business as usual application’ to build faster and better software applications, often associated with other functionality. 
  • Quantum computing: Beginning to appear in specialist application areas, such as research, although issues over environmental costs of processing require attention. 
  • Blockchain: Regularly featuring in articles, it still has a relatively low profile in the public sector and significant concerns over processing costs remain. 
  • 3D printing: This was promoted as a technology that would appear in every home and business. That never happened, but it is now an important application in a range of industries. 
  • Driverless cars: Whilst five years ago some predicted that public services would need to adapt transport planning to accommodate driverless cars, we correctly foresaw that regulation, risk and trust issues would take a longer time to resolve. 
  • Drones: Drones are a widely used technology, mostly for surveillance and spatial planning applications. Expansion into, for example, home delivery using drones remains some time away, although pilots for postal and medical deliveries to remote locations are being trialled. 
  • Mobile coverage: Upgrades of mobile networks will continue, but the focus for most public bodies is on consolidating existing capacity (3-5G) and fixing areas with very poor or no coverage, for example using Starlink technology.  
  • Direct Internet Access (DIA): This technology provides ubiquitous, direct connectivity to the internet and with relevant security measures in place is replacing Multi-Protocol Label Switching (MPLS) private network technology that offers secure and efficient data transfer between defined locations. 
  • IoT: ‘Internet of things’ is embedded in many of our digital and technology trends but as an individual trend it has become ‘business as usual’. 
  • LoRaWAN: Long Range Wide Area Networks are playing a growing role in extending networks of IoT devices in otherwise ‘challenging to reach’ locations. 
  • Biometrics: This is a technology of increasing importance. It is likely to be embedded in a range of new applications, especially for portable identity. 
  • DNA and biotech: This is becoming increasingly relevant in a range of health informatics applications such as gene therapy (more than just paternity suits and ancestry testing). 
  • Social networks: These are ubiquitous but are also growing in the range of options available. It does create some confusion in how public authorities can best harness social media for better public service engagement and delivery. 
  • Apps: Far from a new technology trend, the development of citizen-focused apps has become commonplace. However, the key challenge for public service organisations is to manage the growing array of task-specific apps, such as parking, health and other place-based service apps (‘my town’, ‘my council’, etc.). 
  • RFID: A technology that was a significant development when launched, RFID tags are now everywhere, implanted in assets from equipment to livestock. 
  • Video conferencing: Used to be a key trend until the Covid pandemic, when overnight, everyone started using it. It is now a ‘business as usual’ application. 
  • GPS: Hyper-accurate GPS is included in our ‘spatial technologies’ trend. An accuracy within a few millimetres is opening new possibilities in a range of digital applications. 
  • RPA: Robotic process automation is a trend that we have used before, but, like IoT, it is becoming Integrated in other applications, rather than a technology trend in its own right. The opportunities are considerable in digital automation. 

Useful links

Harnessing innovation in public services 

All our digital trends and a number of the technology trends require a degree of research, experimentation and risk-taking to be successfully deployed. One of the challenges for public service organisations is how to make space for innovation in the face of a growing array of operational day-to-day pressures. 

Ironically, it is the unprecedented pressures on public services that generate digital innovation to change and transform operating models. However, taking on new and innovative projects, with their risks, uncertainties of success and investments needs, can prove difficult to justify. 

From our research for this report, creating the right climate for digital innovation is the starting point and will not only increase the likelihood of success, but also help to identify the right target projects and the basis for benefits realisation.

Four themes standout from the leaders involved in our research: 

Having an appropriate risk model agreed at board level which defines appetite for risk. This means having structures that allow mistakes and waste within boundaries of accountability, with tracking and monitoring to trap problems early and prevent major failures. 

Creating the space for less structured digital projects and testing of new ideas. For example, allowing an informal approach to ‘small works’, a small budget for experimentation, rewards for ‘good ideas’ that can be delivered, avoiding the suffocation of over-engineered controls. 

Developing appropriate governance models that track projects but tolerate flexibility. This may require a new approach from PMOs, board reporting and benefits tracking. Building ‘centres of innovation’ is not necessarily the best approach, since innovation can occur in any part of the organisation. 

Promoting a culture that encourages digital experimentation and appropriate risk taking. This means defining the boundaries of acceptability in innovation activity and how it should function in the context of the organisation’s priorities. Securing successful digital innovation advantage has a huge value to an organisation and few leaders are capable of delivering this. It therefore also needs appropriate reward and incentivisation. 

Creating this climate, requires a clear understanding of the distinctive contributions of ‘digital’, ‘data’ and ‘technology’ innovations: 

Digital possibilities driven by service and citizen needs. A graph of stacked boxes, as follows:
Top: Citizen and service-centered needs
2nd line -3 boxes - Box 1:Community and service context (links to box 2), Box2: Digital possibilities and ideas (links to Line 1 and Line 2), External pressures and opportunities (links to Box 2)
3rd line: Climate and culture of innovation (links to line 2)
4th line: Technology possibilities (links to line 3)

Public sector leaders 

Prioritisation, strong communication and familiarisation with new technologies will be key to success for public sector leaders, avoiding problems with technology projects that all too often afflict public services. 

One area that digital leaders will need to consider in preparing for the future, is the organisation of technology delivery models, including skills and governance. A new approach is needed on a number of aspects in preparing for the future. This will depend on wider organisational digital maturity.

Public sector leaders can do much to encourage necessary change: 

  1. Consider digital and IT capacity and succession planning, and the balance between internal and external skills, especially in areas that will be required to exploit some of the new technologies. 
  1. Consider how IT and digital performance and business cases are reported, including risk modelling and benefits realisation. This includes an objective assessment about whether internal IT models and strategies are fit for the future. 
  1. Become the organisation’s expert in new technology areas, such as artificial intelligence and some of the other key technology trends described in this report. Notably, ensure you have a sufficient grip on cyber risk across the organisation. 
  1. Ensure there is adequate focus on cloud and infrastructure, with appropriate architecture plans (digital and IT) to anticipate infrastructure pressures. 
  1. Do not blur the distinction between “digital” and “technology”. It is tempting for heads of IT and CIOs to see their career path leading towards becoming a CDO, but care is needed to ensure that understanding of the journey to digital maturity is not masked by an over-reliance on technical competence. 
  1. Hone your political and communication skills – success in IT depends on the ability to persuade and influence others, especially in the need and value of investing in digital and IT. 
  1. Put in place an agreed technology architecture and digital architecture, being clear on the distinction in the governance model surrounding each these. 

The following diagram captures the key elements to consider in how IT and digital sit in the wider construct of the organisation’s activities and plans: 

IT and digital models fit for the future graph

On the left: three circles, like a dart board.
Smallest circle: Technology and innovation
Middle circle: Technology infrastructures and security
Largest circle: Digital platforms, policies and concepts.
The largest circle also links to a box on the right hand side, which lists: Data architectures, Delivery channels, People, Processes, Tools and systems

The pace of digital and technology change in the public sector will have a significant impact on skills (a trend we identify this year as prominent). Simply buying in external capacity and specialists on a contract and consultancy basis is not always the best route. Cost, lack of continuity, problems with team cohesion and limited availability of skills in the market can all create obstacles to digital programmes. 

Public sector leaders will need to assess the skills they need for the future, internally and externally, and consider some of the new roles likely to be sought after: 

  • Cloud Architect 
  • DevOps Manager 
  • Digital Risk Analyst 
  • Automation Engineer 
  • VR/AR Designer 
  • Chief Security Officer 
  • Digital CX Designer 
  • RPA Designer and Engineer 
  • Chief Data Officer 
  • AI Engineer and Architect 
  • Digital Product Designer 
  • Data Scientist 
  • Digital Architect 
  • Technology Architect 
  • Business Intelligence Analyst 
  • Digital Supply Chain Manager 
  • Cyber Security Specialist 
  • Security Automation Engineer 

So much digital activity and so much potential from new technologies and data, makes for a challenging as well as exciting time for leaders in the public sector, requiring recalibration and adjustments to be prepared for what lies ahead. 

Relevant Socitm resources