Skip to Content
Group of business professionals looking at a report.
Article

New approaches for managing risk in the public sector

March 6, 2023 / 4 min read

The public sector faces an ever-evolving risk landscape. Organizations must take a new approach to risk management — one that puts security and trust at the very foundation of everything they do.

The public sector — from state and local governments to schools, universities, and other organizations — faces a growing and increasingly complex world of risk. Understanding and managing these risks requires public sector organizations to take a new approach to risk management — one that puts security and trust at the very foundation of everything they do.

The public sector’s ever-evolving risk landscape

The risks faced by local governments and other public sector organizations are changing fast — and multiplying faster. Cybersecurity threats from both domestic and foreign actors are on the rise, including ransomware attacks that disrupt organizations’ ability to serve the public. At the same time, more and more sensitive data is being collected, stored, and shared every day. The move to adopt new technologies such as cloud-based services can also lead to unexpected risks related to controls and configurations. Because of these issues, new regulations and legislation have been enacted to protect citizens’ data rights, creating a web of new requirements to navigate.

The move to adopt new technologies such as cloud-based services can also lead to unexpected risks related to controls and configurations.

Many public sector organizations want to improve their governance, risk management, and internal controls to protect constituents, but a number of obstacles pose a challenge. Budget constraints often force decision-makers to choose between proactive risk mitigation and investments that appeal to citizens and stakeholders. It’s hard to compete with the private sector for the talent and expertise needed, compounding staff shortages. And institutional resistance to change can make it difficult to embrace new processes and controls, even when adopting new technologies. As a result, governments and education organizations are left vulnerable to cyberattacks, fraud, and other frontline threats.

Manage risk through careful planning and new technologies

You can overcome challenges and achieve risk management goals with careful planning and modern technologies such as cloud-based services. The first step is to conduct a thorough assessment of technology-related risk across the organization. Ask yourself:

The first step is to conduct a thorough assessment of technology-related risk across the organization.

This assessment must extend beyond processes to people as well. Do you have the right people in the right roles, performing the right tasks? At a minimum, we recommend you conduct this assessment annually. Larger entities — a densely populated county or a large school district or state university, for example — may wish to perform some aspects of the assessment more frequently, such as a network security test.

It’s important to remember that this regular assessment simply captures a point in time and identifies risks requiring attention at that time. Subsequent assessments should track how these prior risks have been remediated or resolved. Each assessment forms the basis for developing a risk mitigation action plan to help you define what actions you’ll take, monitor performance, and continuously improve. This doesn’t mean you need to do everything at once, though. Realistically, risk mitigation planning involves prioritizing the gaps to be addressed, based on their severity and potential impact.

You can also mitigate risks through the capabilities of new technologies themselves — as long as those features are understood and taken advantage of during implementation. For example, a cloud-based tool could replace multiple manual accounts payable processes with one best-practice process that streamlines and automates much of the work, from invoice processing to electronic payments. Adopting the cloud-based process not only improves efficiency, but it also reduces the risk of error or fraud.

Zero-based trust: A growing trend

Embracing the cloud and other new technologies can also help you take advantage of an emerging trend: zero-based trust. 

Zero-based trust is an IT security model that requires strict identity verification for every person and device trying to access network resources, whether inside or outside the network perimeter. The model is designed to protect remote workers and secure data and infrastructure from end to end. Most prominent technology vendors are now including zero-based trust concepts and protocols in their architecture, which makes it easier for governments and organizations to adopt them. Zero-based trust can significantly reduce the risks of unauthorized access to systems and data.

Risk is changing — and with it, risk management

The public sector’s risk landscape is evolving rapidly, but public sector organizations can adapt and take action now to understand, manage, and mitigate the risks they face.

This article is an excerpt from Public sector tech trends: A modernization guidebook. Your stakeholders expect a digital-first experience, and our experts are here to help you deliver. Download the full guidebook for tips insights to help you build a more secure and resilient organization. 

Related Thinking

Aerial view of interstate highway without traffic.
February 20, 2023

Launching new permitting, compliance, and licensing technologies to enhance digital services at the City of Doral, Fla.

Case Study 3 min read
Two business professionals in a very modern office setting using a handheld tablet to view information.
February 2, 2022

Public sector tech trends: A modernization guidebook

White Paper 20 min read
Empty street and building front
October 21, 2021

Are you prepared for the next disruption? An enterprise risk management handbook

White Paper 16 min read