Skip to the content
James Ambrose, Head of Public Sector Sales at Chess, comments on the new Government Cyber Security Strategy 2022 – 2030 and addresses the main challenges organisations may face:

The UK Government has just launched their first Cyber Security Strategy. The main goals are to significantly harden the government's critical functions to cyberattacks by 2025 and improve public sector organisations' cyber resilience to known vulnerabilities and attack methods by 2030.

Unfortunately, approximately 40% of the 777 incidents managed by NCSC between September 2020 and August 2021 affected the public sector making it a primary target for malicious actors. The strategy highlights cyberattacks impacting both Redcar & Cleveland and Hackney Councils, but there are many more examples seen over the last year causing a devastating impact on critical Public Sector organisations and services. So the threat is real, and the threat is now. This is why it is fantastic to see a central strategy to protect the UK Public Sector.

The strategy will be underpinned by CAF (Cyber Assurance Framework), which is linked to NIST. The framework assesses how organisations manage cyber risks. CAF is to be used either by the responsible organisation as a self-assessment or by an independent external entity.

2 Pillars will form the basis of the strategy:

1: Build a strong foundation for organisational cyber resilience

  • Structure
  • Tools
  • Mechanisms
  • Support

2: Defend as one via a newly formed Government Cyber Coordination Centre

Five objectives underpin the two strategy pillars.

  1. Manage cyber security risk
  2. Protect against cyber attacks
  3. Detect cyber security events
  4. Minimise the impact of cyber security incidents
  5. Develop the right cyber security skills, knowledge and culture



The cyber threat landscape is constantly changing. Ransomware, Phishing, Data Protection, AI, Human Threat – the way the cyber world evolves is drastic. Therefore, our approach to cybersecurity needs to adjust accordingly and frequently.

The public sector need to have full visibility of the threat landscape. They need to be able to see and remediate vulnerabilities, monitor systems 24/7/365 to detect security events and keep the essential services and infrastructure operating. Access to information and event data is also a key component. When an event happens, it's critical to have access to the data to investigate and remediate promptly. Chess advocate a layered security strategy known as Defence in Depth to achieve all this.


The first challenge the public sector will meet is always budget. The UK Government has committed to increasing the funding to tackle cyber security. However, public sector organisations will need to work with trusted third-party advisors to gain value for money in the defence against cybercrime. Security collaboration is critical, so choose solutions and systems that work well together.

Given that cyber incidents are the 3rd biggest business risk for 2021* (last year’s top risk) and the average cost of remediating a ransomware attack now at $1.85 Million** prevention must be better than the cure!


The second challenge will be resource and knowledge. In order to monitor and secure systems and data, the public sector will need to deploy threat hunting capability to ensure 24/7/365 protection. While AI will be key, the human factor will remain vital to boost cyber resilience. Managed service providers will likely support the in house teams, reducing overheads and addressing the skills gaps.


Thirdly, I see adoption and change management as a tremendous factor as well as sharing experience across the entire public sector to truly defend as one. Again, the human element is key - cyber training, adopting new policies, and ensuring correct procedures are in place will reduce cyber risk. Collaboration on best practices and technology will be a big success criterion to ensure the strategy meets its full potential.


Events will happen, but preparation is key to success. The organisations may have the technology, services and support to monitor and protect their data and operations. However, they also need to test those technologies and services, so they are ready to respond in the event of a real-world incident. Penetration testing and red team exercises are vital to dealing with the cyberthreats to the public sector, learning the lessons and strengthening the defences. You should also consider preparing a Disaster Recovery plan, which our consultants can advise you on.

Sophos 2022 Threat Report

Read Now


The Government Cyber Security Strategy is a positive first step to protect the valuable services the Public Sector deliver. It's great to see a joint approach to fighting malicious actors.

We are proud to serve the Public Sector customer base with customers in NHS, Government, Blue Light, Housing and Education. As the Sophos Public Sector Partner of the Year 10 years in a row, one of the most accredited Microsoft partners in the UK and a team of more than ten CREST and CHECK certified penetration testers, our security team will continue to support you on your cyber journey. So please reach out and have a conversation with us to see how we can help you protect your data.

We offer free security consultations with our CREST-certified penetration test experts. Book yours today to ask any security questions you may have about delivering The Government Cyber Security Strategy.

Recommended Content

Vulnerability Assessment v Penetration Test

Vulnerability Assessment v Penetration Test

Gavin Wood, CTO at Chess, explains the difference between Vulnerability Assessment and Penetration Testing and their applications.

Your CREST Accredited Penetration Test Report

Your CREST Accredited Penetration Test Report

Gavin Wood, CTO at Chess, uncovers what is Penetration Testing and what a Penetration Test report should provide.

James Ambrose

James Ambrose

James Ambrose, Head of Public Sector Sales at Chess, is responsible for leading Public Sector sales and our dedicated teams in government, health, education and housing. James joined Chess in 2019 and has a demonstrated history of working in the Information Technology and Cyber industry.

Speak to a Product Specialist

You can fill out the form and one of our product specialists will contact you shortly with more information.
To contact our Sales team directly, please call 0344 770 6000 and choose option 4.
Customer Service
For general queries or to report a non-urgent fault, please log a ticket on our customer portal using the email address associated with your account. Logging a ticket is quick and easy to do. Once you have logged your ticket, we will respond within 24 hours or your Service Level Agreement, whichever is quicker.
I agree for my information to be used for marketing communications.
Chess Privacy Notice

By submitting your personal information through this form, you consent to your information being processed in accordance with the Chess group privacy notice.