Nearly half (44 percent) of UK public sector IT leaders believe their cybersecurity tools aren’t fully up to the job of safeguarding sensitive data.
A survey of 100 public sector IT decision-makers by SolarWinds contends that system complexity and budget limitations are two main issues contributing to the reported cybersecurity gaps.
The study found that 58 percent of IT leaders describe their technology environments as ‘extremely’ or ‘very’ complex, with health and education sector respondents reporting the highest levels of IT complexity (70 percent) compared to regional and central governments (45 percent).
Nearly one in four respondents (23 percent) cited financial limitations as the top barrier to strengthening cybersecurity. While complexity might explain the current state of cybersecurity readiness, restricted budgets hinder the ability to modernise systems, perform upgrades or invest in essential staff training.
If you liked this content…
“These findings reflect a public sector under mounting pressure to address rising cyberthreats while navigating regulatory and fiscal constraints”, said Richard Giblin, head of public sector and defence at SolarWinds. “Despite the clear need to modernise, complexity, cost and trust remain substantial barriers.”
Human factors also remain a critical concern. Most respondents (56 percent) cite the biggest security threat as coming from careless or untrained insiders. This underscores the importance of improving cyber hygiene and implementing robust awareness and education programmes within organisations.
The research indicates an increasing interest in observability and AI-powered solutions as ways to boost resilience against cyberthreats, with 53 percent stating that enhancing system and process observability is a top priority for the future. These technologies are valued for their ability to support real-time monitoring, expedite incident response and facilitate predictive threat detection.
“To make meaningful progress, public sector organisations must align across departments and integrate technologies such as observability and AI with well-defined governance, comprehensive training and a shared commitment to security at all levels,” said Giblin. “Technology alone is insufficient – it must be part of a broader, strategic approach to cyber-resilience.”
