Well documented data security breaches at Tesco, Northern Lincolnshire and Goole NHS Trust, Sage, and TalkTalk have recently thrown the challenge of protecting information into the spotlight. The threat from cyber attacks has been one of the UK’s top four risks to national security since 2010, yet it has taken the Government too long to consolidate and co-ordinate its ‘alphabet soup’ of agencies involved in protecting Britain in cyberspace. The Cabinet Office’s role in protecting information remains unclear within central government, and there appears to be no coordination across the wider public sector. There is little oversight of the costs and performance of government information assurance projects, and processes for recording departmental personal data breaches are inconsistent and dysfunctional. Poor reporting of low level breaches, such as letters containing personal details being addressed to the wrong person, reduces our confidence in the Cabinet Office’s ability to protect the nation from higher threat cyber attacks. The use of the internet for cyber crime is evolving fast and the government faces a real struggle to find enough public sector employees with the skills to match the pace of change.
1 February 2017