Cybersecurity Awareness and Risk Management in the Public Sector

Authors

  • Gbemisola Kayode-Bolarinwa

Keywords:

Public Sector, Cybersecurity Awareness, Risk Management, Insider Threat, Phishing, National Policy, Governance.

Abstract

Cybersecurity has emerged as a significant concern for public sector organizations in this period of rapid digital transformation and increasing dependence on technology. As these entities are custodians of enormous stores of sensitive information, such as classified, financial, and personal data, they are key targets for malicious cyber activities. The adoption of emerging technologies such as the Internet of Things (IoT), Artificial Intelligence (AI), and cloud computing is intensified by the growing threat landscape, which compels a vigorous and multidimensional approach to cybersecurity. Employee behaviour, mostly affected by low awareness and weak digital hygiene, remains a crucial vulnerability. This research studies the interdependency between cybersecurity awareness and risk management approaches in public sector organizations. Using a qualitative method that combines literature review, case study, and policy analysis, the research examines common threat vectors, analyzes practical incidents, assesses regulatory frameworks, and offers actionable recommendations to improve cyber resilience. The findings highlight the significance of a socio-technical method that merges people, processes, and technology to efficiently manage cybersecurity risks in government establishments.

Published

10.03.2025

How to Cite

Gbemisola Kayode-Bolarinwa. (2025). Cybersecurity Awareness and Risk Management in the Public Sector. International Journal of Intelligent Systems and Applications in Engineering, 13(1s), 146 –. Retrieved from https://www.ijisae.org/index.php/IJISAE/article/view/7609

Section

Research Article