28 Oct 2025
by Renata Vincoletto

Reinforcing the frontline: how the UK public sector can strengthen its cyber defences

Guest blog by Renata Vincoletto, CISO at Civica

The UK’s public sector is under siege. From central government to local councils and NHS trusts, a relentless wave of cyberattacks is exposing critical vulnerabilities and shaking public confidence in our digital infrastructure. Over the past three years alone, the volume of cyber incidents targeting public services has surged by more than 300%, while ransomware recovery costs now average £2.08 million per incident.

The warning signs are everywhere, and the consequences are real. The Cabinet Office has acknowledged that cyber threats have “dramatically outpaced” current defences. Nearly 28% of government IT systems still rely on outdated legacy infrastructure, with a quarter classified as high-risk. In this climate, the challenge is no longer whether the next attack will come, but whether organisations are ready when it does.

A new reality of risk

Recent breaches have laid bare the fragility of critical systems. Hackers’ infiltration of the Ministry of Defence’s Defence Gateway and the theft of 600 staff passwords underscored the risks of inadequate system oversight. Meanwhile, an attack on an MoD supplier compromised payroll systems, highlighting the sector’s persistent supply chain vulnerabilities.

Across government, legacy infrastructure continues to hinder resilience. Eleven of Whitehall’s core systems are reportedly rated “red” for cybersecurity, making them the weakest link in national defence.

And the pattern repeats across public services. Last year, Wirral University Teaching Hospital declared a major incident after losing access to all electronic records, a haunting echo of 2023’s Synnovis ransomware attack that crippled London hospitals. In response, NHS leaders issued an open letter urging suppliers to commit to a new Cyber Security Charter, recognising that resilience now depends on collective accountability.

Local authorities are also on the front line. Gateshead Council faced a $600,000 ransomware demand from Medusa operators, while Glasgow City Council saw planning and pension systems disrupted after a targeted attack. Even long-overlooked systems like those at the Legal Aid Agency have become flashpoints; hackers accessed applicant data stretching back to 2010, highlighting the challenges of maintaining legacy systems in complex government environments.

The ripple effect across the economy

The public sector isn’t alone. The UK’s private sector has also faced an unprecedented surge in cyberattacks, from retail and manufacturing to financial services.

The Marks & Spencer breach disrupted online orders and contactless payments, costing an estimated £300 million, while Jaguar Land Rover’s attack halted production for weeks, costing around £50 million per week in losses.

The message is clear: cyber risk no longer stops at organisational boundaries. Supply chain dependencies mean that a single weak link can disrupt entire ecosystems.

A turning point for public sector cyber resilience

Across the UK’s public sector, cybersecurity has reached a critical inflection point. With rising attack volumes, resource constraints, and legacy systems under increasing strain, organisations are recognising the need for a smarter, more sustainable model of defence.

Research and field evidence, such as that covered in the white paper “Strengthening the UK Public Sector’s Cyber Defences” by Hytec, now part of Civica, the UK’s leading public sector software provider, show that Managed Security Service Providers (MSSPs) and Managed Security Operations Centres (MSOCs) are becoming essential pillars of that model. These partnerships provide round-the-clock monitoring, AI-driven threat detection and proactive incident response - capabilities that are often difficult to sustain internally given persistent skills shortages and budget pressures.

The results speak for themselves: more than 70% of UK public sector organisations reported cyber incidents in the past year, yet those that engage with MSSPs and MSOCs have seen response times improve by up to 65% and operational costs fall by over a third. One large metropolitan council, for example, achieved immediate gains in both threat detection and compliance after adopting a managed SOC approach.

At Civica, we see this evolution as part of a broader transformation, one that aligns closely with the UK Cyber Assessment Framework (CAF). Strengthening governance, risk management and incident response is no longer about compliance alone; it’s about ensuring resilience is built into every layer of public service delivery.

From reaction to resilience

Building cyber resilience requires a mindset shift. For too long, many organisations have focused on reacting to incidents rather than anticipating and preventing them. A modern, intelligence-led approach, underpinned by collaboration, shared visibility and data-driven decision-making, is now essential.

At Civica, we believe resilience starts with embedding cybersecurity into governance frameworks and culture. That means modernising outdated infrastructure, integrating real-time monitoring and ensuring teams have the insight and agility to respond to evolving threats. It also means fostering trusted partnerships across the public sector and its supply chains, ensuring that every participant operates to consistent, high security standards.

Cyber resilience cannot be achieved in isolation. The scale and sophistication of today’s threats demand a connected, cooperative response. Together with our cybersecurity specialists and partners, Civica is helping public sector organisations move from fragmented, reactive postures to cohesive, proactive ecosystems, capable of detecting, containing and mitigating threats before they cause disruption.

This is not just about protecting systems; it’s about protecting citizens’ trust in the essential services they rely on every day.

Building the future of public trust

As cyber threats grow in scale and sophistication, the public sector must defend not just its systems, but the trust of the citizens it serves. Every disrupted hospital, council or department erodes that trust, but with the right strategy, technology and partnerships, resilience is achievable.

The path forward requires urgency, investment and leadership, but also optimism. With expert-led frameworks, the UK public sector has a roadmap to safeguard the essential services that underpin our society.

About Civica

Civica is a global GovTech champion focused on developing critical cloud-based software and services that are integral to the everyday lives of citizens around the world. From central and local government to education, health and care, more than 6,000 customers trust and partner with Civica, using our software to deliver critical services to more than 100 million citizens. With operations in seven countries across North America, Europe and APAC and more than 20 years of experience, we’re passionate about supporting the needs of citizens and those that serve them every day. Find out more: www.civica.com

About Hytec

For over 40 years, Hytec has been at the forefront of protecting organisations against evolving cyber threats. We provide comprehensive managed cyber security, compliance and information governance services tailored to organisations of all sizes. Our team of highly experienced security professionals - with over 200 years of combined expertise - deliver tailored solutions that secure data, mitigate risk and future-proof operations. As a trusted advisor to local authorities and healthcare providers, we understand the specific challenges faced by regulated industries. Whether safeguarding sensitive citizen data or securing life-critical healthcare systems, we combine technical expertise with deep sector experience to address emerging and complex challenges. Find out more: www.hytec.co.uk

 



Authors

Renata Vincoletto

Chief Information Security Officer (CISO), Civica

Renata is the Chief Information Security Officer (CISO) at Civica, bringing over two decades of experience in IT and cybersecurity across SMBs, multinationals, and nonprofits. Her expertise spans information security, network administration, and leadership, strengthened by her previous role as Microsoft’s Security Operations Center Manager. Renata is passionate about building secure, resilient, and innovative digital environments and has been recognised for her commitment to diversity and empowerment in technology.