In 1971, Bob Thomas, a computer researcher in Cambridge, Massachusetts, created a test program that he called Creeper. His aim was to prove the theory first proposed by legendary mathematician John von Neumann that a program could self-replicate.
Thomas released the Creeper worm into the US Department of Defense’s ARPANET’s network (the forerunner of the internet) and it quickly spread leaving the benign message “I’m the creeper, catch me if you can!” wherever it appeared. Thomas had created the world’s first computer virus.
EY Global Government & Infrastructure Leader.
Today, governments and companies find themselves under constant attack from far more hostile and sophisticated forms of computer viruses than even Thomas must have imagined. In 2024, an estimated 600 million cyberattacks were launched against organizations and individuals every day.
What once was considered digital vandalism has been replaced by a potent and destructive combination of ransomware, financial fraud, phishing, tech scam and distributed denial of service (DDoS) attacks perpetrated by nation-states, cybercrime groups and other influence operations groups.
It’s not surprising then that protecting sensitive data is one of the top 10 risks faced by governments and the public sector.
Reimagining cybersecurity to stay ahead of the game
Governments are being proactive in addressing cyber threats on a regional and national level. The EU, for example, has adopted the Network and Information Security (NIS2) and Critical Entities Resilience Directive which provides a baseline for cybersecurity risk management and reporting obligations across critical sectors.
The National Cybersecurity Authority (NCA) in Saudi Arabia has set several cybersecurity regulations that all government entities and critical national infrastructures must comply with. Australia’s 2023-30 Cyber Security Strategy, meanwhile, seeks to protect small- and medium-sized businesses against cyber threats — such is the vulnerability of these businesses.
Cyber threats, however, will continue to grow at an exponential rate globally, powered by increasingly disruptive technologies such as Gen AI, the Internet of Things, cloud and quantum computing. As these threats increase, the role of cybersecurity within governments and organizations will also have to become more robust and strategic.
In the simpler days of online governance, the focus of cybersecurity was on protection, compliance obligations, and reducing and quantifying risk.
Now, though, the leading cybersecurity functions are evolving into key enablers of organizational strength and development by helping other areas of government and business adopt and build technology (notably AI), improve customer experience and even develop new products and services.
How to turn cybersecurity into strategic advantage
To address these challenges, governments can prioritize the modernization and reinforcement of their digital infrastructure.
Leveraging emerging technologies such as blockchain, with its capability to create immutable records, enhances supply chain transparency and improves accountability in vendor management. AI-driven digital twins, meanwhile, provide early detection of vulnerabilities and can simulate potential attack scenarios to prepare defenses.
Equally important is the development of a skilled, adaptable cybersecurity workforce. Continuous investment in targeted skills enhancement and practical training programs builds the technical expertise and security-conscious culture needed within government agencies.
The EY Government State and Local 2025 Survey Findings demonstrate that, despite budget constraints, nearly half of government IT leaders in the US prioritize workforce upskilling, recognizing its importance in effectively managing evolving cyber threats and harnessing emerging technologies such as AI.
Establishing standardized governance, ethics and compliance frameworks across government entities is essential to eliminate fragmentation and boost accountability.
A harmonized governance model ensures consistent compliance with national and international cybersecurity regulations, providing a clear framework for risk management and data protection.
The EU’s NIS2 Directive serves as a strong example of how unified governance can streamline incident reporting and enhance security across critical sectors.
Finally, fostering close collaboration among governments, private sector organizations and international partners is vital in building a resilient defense ecosystem — as is the timely sharing of threat intelligence and coordinated incident response.
Public-private partnerships not only accelerate mitigation of cyber incidents but also drive innovation in security solutions, underscoring the power of collective action to safeguard national cyberspace.
The history lesson for becoming cyber secure
Bob Thomas’ Creeper virus was nullified a few months later by another program called Reaper that was written by one of his colleagues, Ray Tomlinson (better known for inventing e-mail).
In today’s digital era, however, governments don’t have the luxury of waiting even a day to respond to threats such are the risks to national security, public services and the privacy of their citizens.
That’s why protecting digital infrastructure and sensitive data is not merely a necessity but a strategic imperative — one that helps build the trust and resilience essential for effective governance.
We've featured the best encryption software.
This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.