The UK is now among the countries most targeted by cyberattacks. Last year, the National Cyber Security Centre (NCSC) handled a record 204 cyberattacks “of national significance,” a sharp 130% increase from the previous 12 months.
Public sector organizations are increasingly in the line of fire when it comes to cybersecurity incidents. In December 2025, Kensington and Chelsea Council was hit by a cyberattack that compromised the personal information of hundreds of thousands of residents.
This included sensitive data that could increase residents' exposure to fraud and social engineering.
Senior Director of Solutions Engineering at HackerOne.
These incidents are not isolated either. As geopolitical tensions rise, state-backed cyber campaigns become more prevalent alongside financially motivated criminal groups. Many of these operations target identity systems and cloud collaboration tools, which are critical entry points into government networks and sensitive data.
This growing threat is compounded by structural challenges within the public sector itself. Public sector organizations often struggle to update their systems and keep up with ever-changing technology, and many still rely on legacy systems. Limited budgets for modern defenses, employee training, and security personnel further increase exposure.
Pronounced challenges at the local level
These challenges are particularly pronounced at local authority level. Many UK councils share technology stacks, vendors and IT infrastructure, meaning a successful attack can be replicated or even pivoted across multiple organizations operating in similar environments.
Recognizing the scale of the challenge, the UK Government is on a mission to improve national cyber resilience. Through the NCSC, it is working across both the public and private sectors to improve defensive posture, collaborating with local authorities, businesses and operators of critical national infrastructure.
The government has also announced a £210m investment aimed at bolstering public sector cyber defence, a clear sign that protecting digital services is no longer optional.
The stakes are high, and traditional approaches to Internet security are struggling to keep pace with an expanding threat landscape.
A new model of modern cyber defense
Several solutions exist to help organizations strengthen their defenses, and many public sector organizations are adopting continuous threat exposure management (CTEM) approaches. CTEM focuses on continually identifying, validating, and reducing real-world risks across the entire attack surface.
This change reflects a move away from one-time testing toward continuous, evidence-based security validation. By combining AI-powered automation with expert-led validation, organizations can continually assess complex environments with greater depth and accuracy than traditional approaches alone. This includes specialists with expertise in emerging areas such as AI model security and data privacy.
Instead of relying exclusively on automated scanning tools or periodic assessments, modern approaches introduce adversarial validation, which tests systems in ways that reflect how real attackers behave. This helps uncover complex vulnerabilities and attack paths that traditional methods may miss.
This continuous validation reduces the window of exposure by identifying and confirming exploitable vulnerabilities faster, allowing organizations to respond before they can be exploited. Organizations can scale these capabilities as needed, whether evaluating new applications or maintaining continuous visibility into critical systems.
Crucially, this approach provides measurable information about security effectiveness. By focusing on validated vulnerabilities and real-world exploitability, security leaders can prioritize remediation efforts and demonstrate significant risk reduction to executives and boards of directors. Frameworks such as Return on Mitigation (RoM) offer a structured way to quantify the tangible impact of these programs.
Strengthening security at scale
These approaches are increasingly relevant as cybercrime continues to grow in scale and sophistication. Many organizations now find themselves under sustained pressure from well-organized threat actors, particularly when aging infrastructure, limited security resources, and limited budgets create exploitable gaps. For public sector institutions responsible for safeguarding large volumes of sensitive data, these pressures can be especially severe.
Putting CTEM into practice requires a structured and platform-based approach. Security leaders must first define the scope: identify critical systems, assets and services, and align efforts to measurable risk reduction results. From there, organizations can integrate continuous discovery and validation into a unified workflow that combines automated testing with expert-led assessments.
As validated findings emerge, teams can prioritize remediation based on exploitability and business impact, ensuring resources are focused on the most important exposures. Over time, this creates a continuous feedback loop that strengthens the overall security posture.
In environments such as local government, where councils often rely on shared providers and similar technology stacks, this model also allows for more coordinated approaches. This includes cross-authority threat intelligence, joint exercises and shared testing methodologies that reduce duplication while increasing resilience across the board.
For CTEM to be successful in government settings, strong operational guardrails are essential. This includes clear authorization, a well-defined scope, prioritization frameworks, and remediation processes that can scale without overwhelming already overburdened teams. Without these foundations, greater visibility risks adding to existing delays rather than reducing them.
As public services become increasingly digital, the priority for governments is to rapidly expand their security capabilities. Moving to continuous, validated exposure management allows governments to not only find vulnerabilities, but also demonstrate what is exploitable, prioritize effectively, and reduce risk at scale, all while keeping pace with a threat landscape that is evolving faster than traditional models can manage.
This article was prepared as part of TechRadar Career Insights, our channel to feature the best and brightest minds in today's tech industry.
The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc.





