In the first blog in this two-part series for the public sector, we explained how our Threat Intelligence team has tracked over 70 new cybercriminal groups in the first six months of 2025, as well as identifying some audacious new tactics for pressuring victims to pay ransom fees.  

Quorum Cyber’s report, Relentless Threats: 2025 Mid-Year Global Cyber Risk Outlook, released in August 2025, examines this new wave of threats from January to June, explaining who the cybercriminals are, how they operate, and why they pose a risk to the public sector.  

The financial impact on the public sector 

Our Threat Intelligence team reports that cybercriminals’ ransom demands have increased by 53% since 2022. Public sector organisations remain particularly vulnerable due to the high volume of confidential data they store and because any disruption to their services affects citizens’ everyday lives – and can quickly attract media attention. 

Criminals know that the public sector is operating under constrained budgets and doesn’t always have the funds to invest in in-house cyber security teams. However, the cost of cyber-attacks is rising, and public sector organisations need to find a way to protect themselves from harm. 

Building resilience in the public sector: Key recommendations  

Public sector organisations must adopt robust security practices. Our report offers practical steps to strengthen cyber resilience, including: 

1. Policies to counter social engineering:  

Requests for credential reset for users with admin privileges should require additional investigation by engaging with user line management before password resets are issued.  

2. Intelligence-led vulnerability management:  

Maintain a strong, intelligence-led patching policy that prioritises vulnerabilities that are under active exploitation or those that have a published proof of exploit.   

3. Harden cloud storage and key management: 

Disable customer-managed encryption features such as AWS SSE-C unless strictly required. Implement logging and alerting on changes to encryption policies, data lifecycle rules, and access permissions in cloud storage services like AWS S3 and Azure Blob.  

4. Critical systems resilience:   

Maintain offline, encrypted backups of critical data. The UK’s National Cyber Security Centre (NCSC) recommends the rule of ‘3-2-1’: three copies, on two devices, and one offsite.  

5. Enhance User Awareness and Engineering Security Culture: 

Educate staff, particularly developers and IT personnel, on social engineering threats such as job lures, fake recruiters, and infostealer-delivered malware. Encourage timely reporting of suspicious activity.  

Are you ready to strengthen your cyber resilience? 

UK public sector organisations must realise that cyber threats are no longer isolated incidents, but part of a dynamic, service-driven ecosystem. Making sure defence strategies are up to date is paramount, requiring agility, collaboration, and continuous training, as well as a deep understanding of how and when adversaries innovate. 

You can learn more about the new wave of threats in Relentless Threats: 2025 Mid-Year Global Cyber Risk Outlook Report and access more details about how to protect your IT systems, your data, and your organisation from harm. 

Contact us today to speak with our experts and receive tailored support to strengthen your security posture.