New report

Strengthening cybersecurity in social security

A new report by the International Social Security Association (ISSA) outlines the increasing cyber risks for social security institutions, and presents potential mediating strategies and measures. The report will inform the production of new ISSA Guidelines on Cybersecurity.

In our increasingly digitalized societies, cyber threats represent a growing concern for governments and public institutions. The new ISSA report, Enhancing the protection and cyber resilience of social security administrations: Introduction to cybersecurity, outlines this landscape from the perspective of the need to secure the operation of social security.

The World Economic Forum’s (WEF) Global risks report 2021 presents cybersecurity failure as one of the most important and most likely risks facing the world in the next two years. Cyber attacks happen all the time, and may have a severe impact on public services. The new ISSA report mentions WannaCry from 2017, a ransomware attack that affected organizations on several continents. In the United Kingdom, IT systems and medical devices were blocked, severely disrupting medical services.

Information and communication technologies (ICT) are widely and increasingly used by social security administrations to deliver social security services essential for society. For this reason, and because they hold a substantial amount of data on citizens, social security institutions are part of the critical infrastructure of society and prone to be targets of cyber attacks. COVID-19 has further boosted the use of digital solutions, and the ISSA report explains how this has brought new cyber threats and vulnerabilities to the forefront.

Tackle through strategy – new ISSA Guidelines

To tackle increasing cyber risks, institutions have to set up cybersecurity strategies to secure their essential systems, service delivery and data, in order to deliver on their mandate to protect citizens. However, cybersecurity remains challenging for non-specialists to understand and costly to implement.

The ISSA report introduces the basic cybersecurity concepts and presents an approach for social security institutions. In addition to implementing internal measures, the approach recommends developing close collaboration between social security institutions, national cybersecurity authorities and relevant international organizations.

To support its member institutions in this regard, the ISSA is preparing new guidelines on how social security institutions can tackle cyber threats, and the report provides important input to this work. The ISSA Guidelines on Cybersecurity will be influenced by the Cybersecurity Framework of the National Institute of Standards and Technology (NIST) in the United States and recommendations of the International Telecommunication Union (ITU), and formed by the specific concerns, challenges, interests and priorities of social security administrations.

A first ISSA webinar on cybersecurity was organized on 28 July, and had 376 registrations from 107 institutions in 73 countries. This is a sign of the strong interest in this issue by social security organizations today, and that there will be important and rich discussions among ISSA members in the development of the ISSA Guidelines on Cybersecurity. These will complement the guidelines on Data Security and Privacy in the ISSA Guidelines on Information and Communication Technology.

Another upcoming ISSA report will address the issues of protecting the institution’s key data assets from different risks, not only cyber risks but also catastrophes and natural disasters.