The public sector stands at a critical crossroads of digital transformation, where ambition meets significant technological challenges, according to Jonathan Lee, director of cyber strategy at Trend Micro.
“We’ve got this massive technology debt that’s built up over time,” said Lee. “It’s like having grand AI aspirations, but we can’t forget the core risks that exist around getting the basics of cybersecurity right.”
Lee highlighted the current government’s progressive stance towards digital government, noting that figures like Peter Kyle MP are championing technology and digital innovation. However, he warned that this forward momentum must be balanced with fundamental security practices.
The skills gap emerges as a primary obstacle. NAO data reveals that one in three central government cyber roles are either temporarily filled or vacant, with approximately 60 critical systems experiencing personnel gaps.
“It needs to be a team sport,” said Lee, who advocates for cross-sector collaboration and resource sharing.
Supply chain risks represent another significant challenge. Lee describes these risks as potentially the “biggest issue facing the public sector,” extending beyond traditional IT system considerations to broader organisational vulnerabilities. Critically, Lee stresses that cybersecurity is fundamentally a human issue, not just a technological one.
“Cybersecurity is often talked about in cost terms, but it’s a human issue,” he said. “When patients can’t receive blood transfusions or operations due to system failures, that’s far more important than money.”
If you liked this content…
The approach Lee recommends centres on proactive risk management. Organisations must prioritise understanding their specific threat landscapes, articulating risks to leadership, and implementing continuous improvement strategies. He added that certain tools make complex cybersecurity metrics digestible, such as percentage-based risk scores that board members and non-technical stakeholders can easily understand.
Emerging technologies like AI also present both opportunities and challenges. The government is pushing forward with digital initiatives, but Lee cautioned that this must be done securely.
“You can’t build the future on a bed of sand. It’s got to be a secure foundation.”
Legislation and compliance frameworks like Cyber Essentials provide guidance, but Lee believes organisations cannot rely solely on these standards. “Legislation is inherently behind the curve,” he said. “By the time it goes through Parliament and consultations, everything has moved on.”
Looking ahead, Lee sees collaboration and transparency as key. He praised initiatives like the British Library’s open reporting of their breach, which allows other organisations to learn and improve. “If we can all learn together and move forward together, that’s really important,” he said.
“It’s about keeping a complex world simple and easy to understand. How can we give people the tools and insight to prioritise what really matters to their organisation?”
