Digital Transformation and Cyber Risk in the Public Sector

Digital Transformation has become a Covid catchphrase. It’s almost in danger of being lumped in with ‘these unprecedented times’ and ‘the new normal’ as a ubiquitous and near-meaningless cliché. That would be a shame because digital transformation as a concept predates the corona-context by almost a decade and has a scope well beyond short-term lockdown convenience. Indeed, Smart City Status, the ultimate in public sector digitisation, has been a realistic goal worked towards by multiple UK local authorities for many years.

Yet increasing connectivity also increases risk. This article, by public sector digital specialists SA Group, explores the current opportunity for digital advancement, the specific public sector context, the associated risks and how to balance them, and how to scope digital strategy using vision not technology as the main driver.

What are the specific digitisation benefits for the public sector?

Irrespective of the organisation, public sector digitisation offers:

1. Increasing efficiency and transparency;
2. Improving and aligning processes;
3. A roadmap towards Smart government and Smart Cities adoption;
4. Transforming government transaction services;
5. Better access to, and management of, public information;
6. Enhancing citizen satisfaction and trust;
7. Meeting the needs of rapidly changing demographics and balancing costs while optimising efficiency.

These all play a role in the ongoing digitisation and digital transformation of government and the public sector[1].

5 years’ progress in 5 months

Recent research also shows that the COVID-19 crisis has dramatically accelerated the progress of UK digitisation, as a precursor to wider digital transformation, by arguably around 5 years [2], with specific public sector benefits becoming increasingly apparent [3].

There are several key drivers to this:

  • The almost overnight shift to home working for the vast majority of office employees in March of this year, requiring remote connectivity and new ways of collaborating.
  • The need to access public services while maintaining social distancing has encouraged technologically reluctant people to overcome their reservations. Grandparents Skype and Zoom with their grandchildren and Pilates classes continue online without a break; GP consultations are conducted remotely and with reported success; local recycling centres have adopted an appointment-based system that seems to suit both residents and management so well that it looks set to stay.
  • And, critically, the ability of digital technology to mirror or replicate many aspects of previously non-digitised life.

Digitisation has enabled society to continue to function, with a lateral-thinking Blitz spirit being applied to use technology creatively in keeping calm and carrying on. We’ve worked, exercised and socialised remotely, which has doubtless facilitated a more effective and more bearable lockdown. It’s interesting to reflect that only ten years ago this would not have been possible. The almost universal adoption of smartphone technology, and the resultant openness of most people to online service access, has swept the rest along.

Many people want to see permanent positive change emerging from the pandemic, including a more comprehensive online service provision by the public sector (often caricatured as digital laggards). The multiple benefits of digitisation include more flexible working for employees, greater openness in service access and delivery, streamlined customer interfaces and, not least, badly-needed budgetary efficiencies.  

With connectivity comes risk

Put simply, digitisation requires connectivity – and any network or information connected to the internet opens up the possibility of cyber breach. Public sector organisations have been increasingly targeted during lockdown [4] and relatively easy access to sensitive public data or infrastructure is very attractive to the cyber criminal.

Moreover, GDPR and other privacy regulations require a high degree of accountability when processing public data. It would be easy to allow worries about a duty of care to public information and concern about possible catastrophic breaches to deter us from further digitisation.

“Don’t be scared off needlessly”, advises Steve O’Sullivan, Head of Digital and Cyber at SA Group. “There’s no such thing as zero cyber risk – unless you have zero online presence.

“It’s a question of identifying and assessing each point of connectivity and its associated risks. This informs the decision around the extent of digital advance [5].”

Confronting and scoping the scale of cyber risk sparks debate, and so confers a more switched-on attitude to digitisation throughout the organisation. It also improves the awareness of digital risk in all departments because it makes it seem more relevant, helping overcome a longstanding barrier to cyber security.

Digital Transformation’s not just for the IT department

Whether you’re just starting the process or scoping the next stage towards Smart City status, successful Digital Transformation is a comprehensive process of change that involves the whole organisation. It should be led by strategic objectives, steering the process by what needs to be achieved rather than by the technology in place. In the public sector this is made more complex still by the inherent need to interconnect a multitude of service and infrastructure delivery departments which may be at very different stages of digital adoption and ambition.

“It’s critical to grasp that digitisation is a top-down process involving HR, marketing, finance and operational decision makers as well as the CIO or Head of IT”, says Steve O’Sullivan. “Each of these departments needs actionable & relevant information to competently assess the impact of digitisation and its associated risks to their function.

“At SA Group we’ve realised that digital should be the umbrella that connects all of our services, so our project teams are typically led by someone experienced in overall business delivery. They can take a broad overview of the organisation’s need and bring in technical or cyber specialists at the relevant stage in the project.” Whether you set up your Digital Transformation team using internal or external resource, this technology-agnostic approach is the model Steve recommends to ensure the strategic objectives of the programme are kept in view at all times.  


With the rise of digital transformation as the vehicle to deliver so many new and enhanced versions of public services, it’s easy to become overwhelmed by the speed of digitisation and the unprecedented (that word again) appetite for change. Equally, it’s critical to fully understand the benefits of managing the transformation process from a strategic overview perspective when developing new digital services, infrastructure and even cities.

Before the widespread adoption of digital transformation, IoT and smart cities thinking, there was generally only a limited set of data within a council or public sector body that required strong security to be in place, for example around benefit or health records. With the rapid expansion of digitisation, the need for these data-driven models to improve services and efficiencies, and the capacity of Smart Cities to utilise the Internet of Things (IoT), there is a wider range of data sets which can be used to improve functionality in a chosen city or project.

Inescapably, with this comes the need to ensure that good cyber and digital risk processes and models are in place to prevent any potential data breaches and protect both public data and public confidence in data management. These need to be considered as early as possible as a key business functional requirement in all the various tasks and activities that go together in undergoing a digital enhancement, whether that’s simply delivering new services online or envisaging a comprehensive Smart City transformation.

Setting about a transformation programme isn’t guaranteed to succeed. It requires the buy-in of all departments and shouldn’t be automatically regarded as the responsibility of the technology lead. Technology should be regarded as the enabler of the collective vision rather than the driver. For this reason a tech-agnostic, business-focussed delivery model is the best way to make sure everyone in the organisation is involved and that the process has the optimum chance of success.

About SA Group:

SA Group is a Cyber Security, P3M and Technical consultancy working in critical Public Sector and Commercial markets. They specialise in helping customers scope and deliver against challenges within increasingly complex digital environments.

Their extensive experience in delivering Public Sector projects brings you a better and more thorough service based on a deep understanding of your challenges. Their recent work includes projects for customers including the MoD, the UK Atomic Energy Authority, the Ambulance Radio Programme, Shropshire County Council and Glamorgan County Cricket Club.