Top 5 cyber threats facing the public sector

30 November 2023 · 13 min read

The public sector relies more and more on digital technology for everyday operations, which is convenient but also risky, given the ever-present threat of cybercrime. Government bodies, healthcare providers, universities, and public services are prime targets for hackers intent on disrupting critical infrastructure – the backbone of our cities’ safety and functionality.

Recent findings by the European Union Agency for Cybersecurity cast a spotlight on the vulnerability of the public sector, particularly in governments and public administration, which stand out as prime objectives for cyberattackers. This sector leads the list of most targeted areas, accounting for a staggering 24%.

Adding another layer to this picture is the financial impact of cyber threats. According to the IBM Cost of a Data Breach 2023 report, each cyber security incident in the public sector costs an average of $2.60 million. Contrary to what many think, the cost of a breach isn’t just about repair expenses. It also encompasses ransom payments and legal fees – a weighty burden on budgets meant for community service.

Infographic highlighting that the average cost of a cyber security incident in the public sector is $2.6 million, according to the IBM Cost of Data Breach 2023 report.

It’s undeniably an uphill battle, with cybercriminals continuously evolving and navigating novel routes around cyber security measures. In this crucial moment where the public sector stands out as a prime target in their playbook, joining forces and sharing knowledge becomes critical to fortify our defenses. In this article, we contribute our share by weaving together valuable insights that add another piece to the tapestry of cyber security know-how. 

What makes the public sector a magnet for cyberattacks?

Cybercriminals don’t target the public sector by accident. From the high volume of data to the appeal of public exposure, there are many reasons why the public sector appeals to cybercriminals scheming their next big attack.

The goldmine of public sector data

Public sector organizations are entrusted with a wealth of sensitive and valuable data, including citizen records, government operations, and critical infrastructure information. This breadth and depth of information inherently appeal to cybercriminals seeking to exploit it for various gains. With the public sector overseeing critical infrastructure for public transportation, healthcare, and education, the potential damage of exploited data is widespread. Login credentials, personal emails, addresses, identification info, payment details, and so much more could be compromised if cyber security measures fail.

Outdated technology and security measures

Entities from the public sector often struggle to keep up with the latest tech trends and cyber security measures. Outdated IT systems and software contain vulnerabilities that are well-documented and known to cyberattackers. These vintage technologies lack the security features of their modern counterparts, providing cybercriminals with a treasure trove of entry points.

The interconnected nature of outdated government systems can also amplify the impact of a successful cyberattack. A breach in one department can potentially spread to other agencies and systems, creating a cascading effect.

Limited security budgets and understaffed teams

Compared to private sector corporations with bigger budgets, many public sector organizations are not fully prepared to defend themselves against a cyberattack, especially in the most at-risk departments: security, finance, and IT. The public sector’s heavy reliance on taxpayer dollars leads to budget restrictions and bureaucratic red tape, which in turn make it difficult to implement comprehensive cyber security measures that match the level of risk. A 2021 ICMA report found that the top three barriers to local government cyber security are the inability to pay competitive wages, not enough cyber security staff, and an overall lack of funds.

The lure of public exposure for hackers

Public sector organizations handle vast amounts of sensitive information, from citizen data to classified national security details, and the public’s reliance on these institutions means any security breach has the potential for widespread impact and public scrutiny. Cybercriminals are motivated by the potential to disrupt operations, steal valuable data, or compromise public trust. As such, the public sector becomes an appealing target due to the potential for gaining notoriety, causing political turmoil, and leveraging the fear and uncertainty that a data breach or cyberattack can generate among the public.

Geopolitical strategy and cyberwar

Disrupting or infiltrating public sector organizations can have profound geopolitical implications, allowing cybercriminals to exert pressure, gain strategic advantages, and further their political and military objectives. For example, by compromising critical infrastructure and stealing sensitive information, cybercriminals can destabilize governments, erode public trust, and manipulate international relations. A stark example is the notable surge in cyberattacks following the ongoing Ukraine conflict.

The public sector represents a high-value target for cybercriminals seeking to exploit vulnerabilities for geopolitical gain, making it a primary battleground in the complex arena of cyberwarfare and state-sponsored hacking.

Infobox on whether critical infrastructure is at risk in attacks on the public sector.

The public sector under siege: 5 cyber threats pushing the public sector’s limits

Out of a vast array of cyber threats bombarding the public sector, a few stand out for their persistent harm and frequency. The top five culprits governments can’t afford to ignore are ransomware, state-sponsored attacks, phishing, DDoS, and hacktivism. Understanding these is crucial for enhancing cyber security and protecting valuable assets.


Ransomware

When it comes to cyber threats, ransomware is one of the top adversaries of security teams. Ransomware doesn’t just lock up your data. It puts a stranglehold on the essential services that public sector organizations provide, making it exceptionally problematic. And there’s an even more damaging version: double extortion. In this case, hackers not only encrypt vital data but also threaten to release it publicly if the ransom isn’t paid, making the stakes even higher.

For public sector entities, which often hold sensitive citizen information and critical infrastructure details, the implications are disastrous. The reputational damage, financial loss, and disruption of services can have far-reaching consequences that go beyond the immediate crisis.

The 2022 IBM data breach report found that the average cost of ransomware recovery – remediation efforts after an attack – was $4.54 million in 2022. That’s on top of the actual ransom demand, which could be in the thousands, hundreds of thousands, or even millions, depending on the size of the breach. With limited budgets primarily funded by taxpayer dollars, public sector organizations are faced with mounting costs and public pressure to fix the problem as soon as possible.

Infographic showing that the average cost of a successful ransomware attack is $4.54 million per company, excluding ransom, sourced from IBM's 2022 data breach report.

State-sponsored attacks

A state-sponsored attack occurs when one state or nation attacks another’s government agency systems to collect intelligence and weaken critical infrastructure.

The public sector is one of the most common targets for state-sponsored cyberattacks because of the potential impact across multiple agencies and resources. Public sector organizations often oversee critical infrastructure like power grids, transportation systems, and healthcare facilities. Disrupting these systems can have a direct impact on national security and public safety.

The 2022 Microsoft Digital Defense Report revealed that cyberattacks by governments aimed at critical infrastructure rose from 20% to 40%, largely due to Russia targeting Ukraine’s government agencies and espionage targeting allies like the US. As the geopolitical climate continues to intensify with conflicts all around the globe, the public sector needs to be on high alert for such serious threats to national security.

Quote by Stéphane Duguin, CEO of the CyberPeace Institute, saying, 'When states continue to use their resources to conduct surveillance attacks, they are investing in global cyber insecurity, because for that surveillance to work, they need to ensure there are vulnerabilities in the cyberspace.'


Phishing

Phishing attacks pose a cunning threat to the public sector, relying on deceptive tactics to trick employees into revealing sensitive information. In this digital age, where communication channels are diverse, cybercriminals often send fraudulent emails or messages disguised as trustworthy entities. Public sector organizations, with their broad range of services, become prime targets for tailored phishing campaigns. These deceptive messages, seemingly official and urgent, aim to exploit the natural inclination to trust familiar sources.

But the consequences of falling victim to phishing extend beyond data compromise. Cybercriminals, armed with unauthorized access obtained through phishing attacks, can escalate their intrusion to exploit critical databases. This can lead to identity theft, jeopardizing both employees and the citizens they serve. The fallout from such identity theft can extend beyond the digital realm, impacting lives and compromising the integrity of public-facing services. Additionally, the repercussions of a successful phishing attack can disrupt essential services, from healthcare systems managing sensitive patient information to governmental agencies overseeing public safety.

Distributed Denial of Service (DDoS) attacks

Distributed Denial of Service (DDoS) is another serious cyber threat targeting the public sector and putting innocent citizens in the crosshairs. DDoS attacks aim to deny access to services, applications, or websites by overwhelming their servers with a flood of malicious traffic. By disrupting government websites or online services, attackers can create public confusion and distrust. In fact, DDoS attacks on government entities increased by 177% in 2023, largely motivated by geopolitics.

Government agencies may also become targets due to their enforcement or regulatory actions, leading to DDoS attacks launched in retaliation by individuals or organizations aggrieved by government actions. A successful DDoS attack can have significant economic consequences by disrupting government operations and services. This can lead to financial losses and impact a nation’s economic stability.

Bar chart showing a 177% increase in DDoS attacks from 2022 to 2023.


Hacktivism

Hacktivists are social or political activists who leverage cybercrime to amplify their voices. They are driven to target government organizations responsible for shaping and enforcing laws and policies, especially those perceived as conflicting with their own convictions.

Government institutions, by virtue of their role as powerful symbols of authority and control, become natural focal points for hacktivists aiming to challenge or oppose specific governmental actions and values. Beyond mere acts of cyber defiance, hacktivists often articulate their discontent through demands for increased transparency, accountability, or adherence to ethical standards from the government, turning cyber activism into a potent threat that aims to reshape not only online narratives but also influence real-world policies and practices.

Cyber onslaught: Stories of attacks on public sector entities

Despite the intangibility of these threats, they are relentless, ever-evolving, and have real consequences on public sector organizations. Here are some compelling real-life examples of cyberattacks against different areas of the public sector.

News clippings from several online newspapers covering stories of attacks on public sector entities.

Governments rocked by coordinated cyberattacks

City, state, and federal governments are all at risk of cyberattacks, with the potential fallout being dangerous for both employees and the general public. For example, a Russian crime syndicate launched a coordinated ransomware attack against more than 20 Texas municipalities in early 2021. There were minor inconveniences, with meeting agendas and vital records inaccessible online, but the larger problem was police officers couldn’t look up digital records, and cities couldn’t process their payrolls. The biggest concern was one unnamed city forced to manually operate the water supply system for a week while systems were offline.

This growing trend has targeted countries around the globe. In July 2023, Kenya’s eCitizen portal went down following a cyberattack, meaning over 5,000 government services were no longer available online. People couldn’t access passport applications, visitor visas, driving licenses, ID cards, or health records, while mobile banking and transport services were also interrupted. A group of Sudanese cyberwarriors called Anonymous Sudan claimed responsibility for this wave of cybercrime, warning anyone who interferes in Sudan’s internal affairs will be targeted.

Schools struggle against sophisticated cybercrime

The education system has been impacted by cyberattacks carried out by hackers who want a vast amount of data and influence. Los Angeles Unified, the second-largest US school district, was hit hard by hackers at the start of the 2022/23 school year. Vice Society, a Russian crime syndicate, demanded a ransom payment from the school district after stealing 500 gigabytes of sensitive data. The district’s refusal to pay the ransom resulted in the exposure of 2,000 students’ data on the dark web, including assessments, driver’s licenses, Social Security numbers, and COVID test results.

Just a few months later, the same hackers targeted the UK education sector, with 14 schools suffering a ransom attempt after students’ personal info, including passport scans, and staff contracts were stolen and then leaked online. Hackers then prompted the affected schools to issue public statements in an attempt to reassure families that their data was protected. Attacks like these take the focus off learning and force education administrators to scramble for a solution, which usually comes too little, too late.

Healthcare halted by hacking attempts

When public health organizations are impacted by cybercrime, there’s a sense of urgency considering the sheer volume of sensitive personal information, as well as the need for uninterrupted healthcare services. A ransomware attack in 2021 crippled St. Margaret’s Health in Spring Valley, Illinois, making it impossible to submit insurance claims for months. The financial strain forced the hospital to close permanently in June 2023, highlighting the severe impact of cybercrime on healthcare organizations.

Attacks on healthcare providers are part of an alarming trend, as cybercriminals follow in the footsteps of the 2017 WannaCry ransomware hackers who launched a successful attack against Microsoft Windows users worldwide. The UK’s National Health Service (NHS) was one of the largest victims in the attack, with up to 70,000 computers and medical devices shut down across England and Scotland. Some services had to divert ambulances and send non-critical emergency patients back home. The total cost to the NHS was £92 million, with substantial losses from canceled services and IT remediation efforts.

Strategies to shield your organization from attacks

Now that real-life examples have unmasked the stark impact of cyberattacks in the public sector, defending public organizations from these digital onslaughts is more urgent than ever. The strategies outlined below form a dynamic arsenal designed to shield public sector entities from the relentless evolution of cyber threats and fortify the resilience of critical systems.

  1. Security awareness training: Ensure that all staff members receive regular training on the importance of cyber security, current threats, and best practices. Use real-world examples, conduct simulations, and ensure everyone comprehends their role in safeguarding the organization’s data.
  2. Multi-factor authentication (MFA): Implement MFA across all systems, particularly for privileged accounts. This additional layer of security means that even if credentials are compromised, they are not sufficient on their own for unauthorized access.
  3. Endpoint security: Employ advanced endpoint protection platforms that surpass traditional antivirus solutions. These platforms should offer real-time monitoring, threat detection, and automated responses to suspicious activities.
  4. Network segmentation: Isolate sensitive data by segmenting your network. This precaution ensures that even if attackers gain access to a portion of the network, reaching critical systems or data becomes a formidable challenge.
  5. Regular patching and updates: Maintain the security of all systems, applications, and devices by routinely updating them with the latest security patches. Automated patch management solutions can streamline this process efficiently.
  6. Incident response plan: Develop and consistently update a comprehensive incident response plan. Conduct drills regularly to ensure that all stakeholders are familiar with their roles and responsibilities in the event of a breach.
  7. Backup and disaster recovery: Regularly back up critical data and systems, storing backups both on-premises and off-site. Routine testing of the recovery process ensures data integrity and availability.
  8. Zero trust architecture: Embrace a zero trust framework where every access request undergoes thorough verification, regardless of its origin. This approach minimizes the likelihood of internal threats and breaches resulting from compromised credentials.
  9. Continuous vulnerability assessments: Conduct regular vulnerability assessments and penetration testing to identify weak points in your systems and applications. Promptly address identified vulnerabilities to maintain robust defenses.
  10. Collaborate and share information: In the context of the public sector, foster collaboration with other governmental agencies and entities. Sharing threat intelligence and best practices can provide early warnings and contribute to a collective defense against both common and emerging threats.

Public sector on alert: How can SoSafe help?

Public sector organizations are facing a deluge of cyber security risks, and with limited budgets and under-resourced departments, they can’t fight this battle alone. In the current digital landscape, the compelling need for robust cyber security education takes center stage, serving as an indispensable cornerstone in our collaborative defense against the ceaseless evolution of cyber threats.

At SoSafe, we make cyber security education easier and more engaging than ever before, thanks to our E-Learning platform with gamified experiences to enhance one’s knowledge and ensure stronger defenses against cybercrime.

Governments, schools, and healthcare providers can especially benefit from phishing education and awareness, as misleading messages are a common occurrence in successful cybercrime campaigns against the public sector. Our phishing simulations with specific templates for public sector organizations use real-life scenarios to increase practical knowledge of these threats, taking employees on a journey of continuous learning to adopt safer and smarter digital practices. As a result, the risk to public sector organizations decreases, with incident reporting and response times improving, too.

To help public organizations make informed decisions about cyber security, SoSafe offers an innovative Risk & Reporting Cockpit, a tool for tracking employee behavior and surfacing actionable insights to further evolve the cyber security culture. The more public sector employees are aware of the risk, the more they can do to identify and stop threat actors before it’s too late.

SoSafe’s specialized cyber security awareness and risk management tools can help your organization minimize risk and build a stronger, more successful security culture.
