
The UK has seen a sharp rise in cybercrime targeting public sector organisations over the past year, highlighting the need for stronger digital resilience and security strategies. We hosted the award-winning Public Sector Cyber Security Conference last February in London, which saw a collection of the UK’s data protection and cyber security leaders come together to explore how we can strengthen our collective readiness against cyber attacks.
The threat to government bodies has been escalating, with ransomware, phishing attacks, and outdated technologies leaving many public systems vulnerable. Speakers throughout the day highlighted that cybercrime is not just a financial issue but one that affects national resilience, trust, and stability. If these cyberattacks continue to happen, then the UK population will lose trust in their most integral services.
“The threat landscape, tactics, and the way we adapt ourselves are evolving in tandem.” – Michael Clarke-Sale
Michael Clarke-Sale, the Head of Technology at the NHS Counter Fraud Authority, made it clear at the conference that part of the issue is that as we get better at defending against cyber attacks, the attackers get better at exploiting weaknesses, indicating the need for constant vigilance and improvement within organisations. The improvement in phishing emails in recent years is one example. For years, phishing emails were obvious attempts; now emails that look like real messages from trusted contacts can trip people up, as attackers get better at reaching inboxes and know more about who they are impersonating.
Understanding vulnerabilities and recognising risks
Recognising vulnerabilities, whether they lie in outdated systems, insecure designs, or human error, is the first step to building better, more effective defences. Research from the National Cyber Security Centre shows that nearly a third of central government systems still run on decades-old technology. This lack of digital maintenance leaves critical services exposed to breaches and exploitation. As mentioned earlier, without constant vigilance and improvement, vulnerabilities will become exposed.
Ransomware in particular has become one of the most damaging threats, costing UK organisations an average of £1.7 million per attack. In the past, ransomware was often just about locking files until a ransom was paid. Today, attackers combine tactics: first encrypting systems, then stealing sensitive data, and finally threatening to leak it publicly, sell it to competitors, or even report breaches to regulators. This puts organisations under pressure from multiple angles (financial, reputational, and legal), making it harder to manage and respond to breaches.
Recognising the warning signs before an attack escalates is the first step in protecting organisations from long-term damage. Again, the idea of vigilance is on display here. Companies need to be prepared to deal with cyber threats before they arrive. Having procedures in place to deal with threats as they appear can allow companies to stop attacks before they escalate.
Creating resilience through proactive strategies
Building resilience was another key area explored at The Public Sector Cyber Security Conference. Cyberattacks are becoming more complex, but organisations can prepare by having clear response strategies and backup systems in place. Speakers highlighted the importance of Standard Operating Procedures (SOPs) during ransomware incidents, enabling teams to act quickly rather than react in panic.
While restoring from backups can be useful, Ross Asquith warned of the limitations, noting that backups may also contain long-standing infiltrations. Instead, disrupting encryption and capturing keys can often return control to organisations more effectively.

Another key element of resilience is culture. Andrew Rose, Chief Security Officer at SoSafe, explained that most cyber issues stem from human error, not technology. Training staff to be alert, motivated, and part of a “security culture” is vital to reducing vulnerabilities.
“You increase the motivation and reduce the ability. You start off with awareness. You build behaviour, then you build culture.” – Andrew Rose
SoSafe, Europe’s largest security awareness training and human risk management provider, is coming back to The Public Sector Cyber Security Conference on the 5th of February 2026. You can find out more about the sponsors and speakers who have been confirmed so far, with more on the way soon.
Having cyber resilience at the heart of your team’s culture is an excellent way of creating an organisation-wide effort to fight cyber attacks. Embedding these practices into everyday behaviours will lead to a team that is better equipped should the worst happen. Encouraging staff to report suspicious emails, using a stop-and-check system, and having management lead by example are some ways of building this into the culture of the workplace.
Building a culture of security and accountability
One other area that was spoken about in depth was not just embedding security into organisational culture, but embedding accountability. The World Economic Forum estimates that 95% of cyber incidents stem from human behaviour, meaning that even the strongest technical defences can fail if staff are unprepared.
Andrew Rose urged organisations to move beyond awareness programmes and instead create reward-based security initiatives that motivate staff to stay vigilant. When employees understand their role in preventing breaches, they become active defenders rather than weak links.
“When you get it to a culture level, it becomes self-sustaining.” – Andrew Rose
Creating a culture where staff feel accountable and empowered is one of the strongest shields against cybercrime. The accountability aspect comes through having employees understand the role they play in your organisation’s cyber protection.
In summary, tackling cybercrime requires a ‘whole system’ approach – from technical safeguards to cultural change. Public sector organisations need constant vigilance, both in how their employees act and in staying up to date with the latest attack and defence strategies and systems. This will lead to a public sector that is less vulnerable to attacks, protecting money, resources and public image. The conference concluded with optimism. While cyber threats continue to evolve, so too does our capacity to prevent, respond, and adapt.
We are hosting The Public Sector Cyber Security Conference 2026 on the 5th of February, 2026. It is free to attend, and we aim to build upon the award-winning event, bringing more speakers and sponsors to create a day of meaningful learning and connection. Keep an eye out on our LinkedIn, as we are hosting a free-to-attend online webinar in November, where industry leaders will introduce you to some of the topics being discussed in the February conference.