Culture of secrecy
CYBER-ATTACKS pose a growing threat to companies and to public bodies as hackers hold them to ransom by stealing confidential data. New figures show the number of such attacks has increased, with a dozen reported to the Scottish Government by public organisations this year.
But full details of the targets of these hacks have not been released – and nor has it been disclosed whether personal information was compromised.
Ministers insist that in most cases the incidents were not deemed serious enough to warrant ‘national co-ordinated support’.
But the ‘serious and complex’ cyberassault on Sepa, the environment agency, late last year demonstrated the possible repercussions. Sepa said the attack was likely by ‘serious and organised criminals’ and was under investigation by police.
Four years ago, 11 Scottish NHS boards had their computer systems paralysed, which led to some appointments and procedures being cancelled.
The decision not to divulge which bodies have been hit by these cyber-intrusions is a further reflection of the secrecy culture now deeply ingrained in the public sector.
We deserve to know whether our personal data may have been hacked. But the information is being kept under wraps, for reasons that are far from obvious.
If the objective is to keep us in the dark and prevent reputational damage to key public services, that would be a deplorable abdication of responsibility.
Ministers must name the organisations targeted and step up the war on cyberhackers before more sensitive personal information falls into their clutches.