Escalating Cybersecurity Threats and Policy Gaps in the Public Sector
Cybersecurity threats targeting the public sector have intensified, with government agencies and critical services such as healthcare facing increasingly sophisticated and frequent attacks. Motivations for these attacks range from political influence and financial gain to the theft of sensitive citizen data, which is often sold on the dark web. The consequences of breaches in public sector systems are severe, potentially endangering lives, disrupting essential services, and eroding public trust. Healthcare, in particular, has become a prime target due to the high value of medical data, the critical nature of uninterrupted operations, and the prevalence of outdated or insecure systems, making it especially vulnerable to ransomware and other cyber threats.
Despite the growing threat landscape, policy responses have not kept pace. In the UK, the proposed Cyber Security and Resilience (CSR) Bill notably excludes central and local government from its scope, drawing criticism from lawmakers and experts who argue that public sector entities should be held to stringent cybersecurity standards. While the government has introduced a Cyber Action Plan to address some of these concerns, the lack of comprehensive legislative coverage leaves significant gaps in the nation’s cyber defense posture. The urgency for robust, sector-wide cybersecurity measures is underscored by the rising frequency and impact of attacks on public institutions, particularly in healthcare, where operational disruptions can have life-threatening consequences.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
3 events from the most recent confirmed update back to the earliest known activity.
Criticism grows over excluding UK government from cyber bill
Reporting and commentary highlighted concerns that exempting government bodies from the flagship cyber law undermines confidence, especially as cyber incidents increasingly affect the public sector. Critics, including Sir Oliver Dowden, urged reconsideration of the exclusion.
Government Cyber Action Plan launched alongside bill debate
Minister Ian Murray said a Government Cyber Action Plan was launched alongside the bill's second reading to hold government departments to equivalent cybersecurity standards without imposing legal obligations. The move was presented as an alternative to including public authorities directly in the legislation.
UK Cyber Security and Resilience Bill gets second reading
The UK government's proposed Cyber Security and Resilience Bill reached its second reading as part of efforts to modernize the country's NIS 2018 regulations. The bill reportedly excludes both central and local government from its scope, prompting debate about accountability and enforceability.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
4 references tracked. Mallory keeps watching after this page renders.
Cybersecurity in the Public Sector: Challenges, Strategies and Best Practices
hackread.com
Open sourceUK cybersecurity bill excludes government, sparking debate
scworld.com
Open sourceUK government exempting itself from flagship cyber law inspires little confidence
theregister.com
Open sourceWhy Cybersecurity in Healthcare Matters More Today Than Ever
osintteam.blog
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Public Sector Cybersecurity Threats and Ransomware Trends
Government organizations worldwide are facing escalating cyber threats, with ransomware and extortion attacks sharply increasing in frequency and sophistication. Over 117 US federal and state entities were impacted in 2024, and attackers are increasingly targeting third-party providers and leveraging new tactics such as data extortion without encryption. The MOVEit and GoAnywhere supply chain breaches have had lasting repercussions, exposing sensitive data from government-linked organizations. Attackers are also employing advanced techniques, including the use of AI for phishing and deepfakes for social engineering, further complicating defense efforts. International coalitions, such as the Counter Ransomware Initiative (CRI), are urging stronger supply-chain cyber defenses and coordinated global action, highlighting the immediate and urgent threat ransomware poses to national security and economic stability. Despite some progress in reducing ransomware payments, attacks continue to disrupt major companies and public sector entities worldwide. The CRI, now comprising 61 countries and six international organizations, has released new guidance emphasizing the need for improved cyber hygiene and legislative action to address supply-chain vulnerabilities. Critics warn that legislative gaps persist, leaving critical systems exposed, while the ongoing digital transformation and prevalence of legacy systems in the public sector further increase risk. The convergence of these factors underscores the urgent need for comprehensive cybersecurity strategies and international cooperation to bolster resilience against evolving threats.
Mar 21, 2026
UK Government Admits Cybersecurity Failures and Launches Major Public Sector Overhaul
The UK government has publicly acknowledged that its longstanding cybersecurity policies for the public sector have failed, leaving critical services and departments vulnerable to cyberattacks. In response, officials have announced a sweeping reset with the introduction of the Government Cyber Action Plan, backed by over £210 million in new funding. The plan establishes a dedicated Government Cyber Unit, sets minimum security standards, and mandates robust incident response capabilities across all departments. This overhaul comes after years of fragmented accountability and recurring cyber incidents, including high-profile attacks on agencies such as the Legal Aid Agency (LAA), which suffered a major breach that went undetected for months despite significant prior investment in security improvements. The Public Accounts Committee has criticized the Ministry of Justice for its handling of the LAA cyberattack, revealing that despite £50 million spent on security, the agency failed to detect the intrusion for four months and delayed taking affected servers offline. The government’s new strategy aims to address these systemic weaknesses by improving risk visibility, enforcing stricter standards, and banning ransom payments by public-sector organizations. The action plan is positioned as a radical shift to protect essential services, restore public trust, and prevent future incidents that could disrupt healthcare, legal, and other critical infrastructure.
Mar 21, 2026
Government Cybersecurity Legislation and Resilience Initiatives
Governments in the US, UK, and EU are advancing major legislative and regulatory efforts to strengthen cybersecurity and resilience across critical sectors and software supply chains. The European Union’s Cyber Resilience Act (CRA) introduces requirements for software and connected product vendors to embed security from the design phase, manage vulnerabilities throughout the product lifecycle, and deliver rapid updates, with global implications for SaaS providers and technology companies. In the UK, the new Cyber Security and Resilience Bill aims to overhaul protections for critical national infrastructure, updating the NIS Regulations and addressing the growing threat from nation-state actors, as highlighted by recent disruptive attacks on healthcare and other essential services. In the United States, Congress has reauthorized the Cybersecurity Information Sharing Act (CISA 2015) through early 2026, restoring liability protections for organizations sharing threat intelligence with the federal government and sector-specific communities. However, the Cybersecurity and Infrastructure Security Agency (CISA) faces significant staffing shortages and capability gaps, prompting calls for increased funding and new strategies to address escalating cyber threats. Collectively, these legislative and regulatory actions reflect a global trend toward more robust, proactive, and coordinated approaches to cyber resilience and critical infrastructure protection.
Mar 21, 2026