The Headline

 

 Bespoke Online Security Awareness Course

 

Cyber Awareness video based training for your organisation from the BAFTA-nominated team behind the BBC’s brand new mandatory Cyber Training course, at a cost of between 6.5k and 13.5k per local authority, depending on the number that pledge interest. 

 

The Proposal

 

The BBC commissioned Matobo Ltd to deliver their Cyber Awareness training video's. They had been hacked very publicly by various underground state-sponsored organisations, and in each case, the security penetration could be traced back to a common cause - you and me. BBC Information Security were so impressed with audience feedback to Matobo's fresh and approachable delivery of the animated training series, they approached the BBC Trust, who approved it as a mandatory training course for every one of the 20,000 employees of the BBC - and this World Class communications organisation are not an easy bunch to please. 

 

Whilst there are software solutions and business processes to deal with cyber threats, local government needs to also address the 'people' part of the puzzle. Instead of buying in expertise to run time-bound in-house cyber threat training, this proposal seeks to bring together a group of interested local authorities to work with a team of leading writers, film-makers and animators to develop an appropriate course for all levels of local government employees around cyber threats. Working from a basis of what has already been commissioned by the BBC and adapting that for the public sector will offer significant savings and deliver an unrivalled training solution to really address the public sector's cyber threat and the associated costs. 

 

Matobo Ltd is a BAFTA-nominated team, with a proven background in high-end BBC/Discovery/Nat Geo TV. We've worked for nearly two years on this project, and learned a lot about Cyber Security Awareness in the process, so we're uniquely placed to deliver your organisation’s concerns about Cyber Security to your workforce. Many of your issues as an organisation are shared by other public sector bodies, so this opportunity allows you to share the costs of delivering those common learning objectives, whilst allowing some extra resources to tailor the training video's to the culture and issues that are unique to you. 

 

 

Cost & Savings

 

Costs per Local Authority:

 

No of LA's involved 

Core Costs (per LA) exc VAT 

5 

£13,300 

6 

£11,084 

7 

£9,500 

8 

£8,313 

9 

£7,389 

10 

£6,650 

 

Where do the costs come from?

 

Over time we have developed a simplified rate-card formula for calculating the cost of this kind of production; £3000 per minute, which includes the entire production and delivery process. However, we already have a series of tightly-researched content, produced for a high level public-facing institution, which we believe will address most of your organisation's cyber-awareness training needs.  

 

The current series totals 30 minutes. 

 

Many of the existing assets – research, script, visual movements and sound design etc – can be re-purposed without going completely back to scratch, so we can offer a significant saving on our rate-card price, at £1500 per minute. We realise there will be some additional content required, to address the unique needs of local authorities, so we have allowed an additional 10 minutes, to cover the cost of integrating this extra content. So in total, we are factoring in 20 minutes of existing, re-purposed material and 10 minutes of new material.

 

Cost Details: 

 

Item 

Unit Cost 

Sub Total 

TotalexcVAT 

Pre-Production: 

  • 10 days local government cyber threat research 
  • Preparation and facilitation of Scoping Workshop 

£650 

£6,500 

 

Production: 

  • 20 minutes finished 2D Animated training video modules (re-purposed) 

£1,500 

£30,000 

 

 

Production:  

  • 10 minutes finished 2D Animated training video modules (new) 

£3,000 

£30,000 

 

 

TOTAL 

 

 

 

 

£66,500 

 

Savings:

 

The costs above represent a significant discount on developing this content from a standing start. Re-use of existing assets already developed saves participating local authorities £60,000.  

 

Background

 

To set the context to this pitch one simply needs to type in 'cyber threat in local government' into a search engine and see the swathe of results. Their frequency, the numerous examples of successful cyber attacks and the increasing urgent tone across the industry is a testament to the growing importance of this critical issue across local government and the wider public sector. 

 

Public authorities are the number one target for attacks in the UK, with recent reports suggesting that nearly 40% of malware attacks - surreptitious downloading of software to disrupt computer operations, gather sensitive information or gain access to private systems – are against public sector organisations.  

 

"The public sector is five times more likely to be targeted for attacks than the media and finance sectors." 

 

Public Finance states:

  

"Recent high-profile attacks on local authorities include ransom demands, theft of email and home addresses and breaches in security and have heightened growing concerns about cyber threats.  

 

"The value of the personal data held by public authorities makes them an attractive target to cyber criminals. The consequences of a cyber attack have the potential to be considerable and can include business interruption, data loss, and the theft of intellectual property, significantly impacting both individuals and organisations. 

 

"In some circumstances, the threat of a cyber attack will extend beyond a public authority. Significant risks remain through exposure from third parties, whether they are service providers, product suppliers or customers. Therefore, public sector organisations need to improve supply-chain resilience to cyber attack, particularly in cases where they have smaller business partners who are typically less well protected."

 

The very nature of local government makes it both difficult to defend and an optimal target to attack; large quantities of sensitive data in constant transit across multiple bodies, much of which has the legal requirement of being accessible and transparent for constituents. 

 

Local Gov last year reported that "Both Lincolnshire County Council and North Dorset District Council fell victim to ransomware attacks, the latter affecting over 6,000 files. Ransomware has become increasingly popular, with attackers not needing to steal information, just encrypt it and then sell access back to the owners. 

 

"Last year, data showed that almost 75% of security breaches came from within organisations’ own networks. The majority of these were not malicious, but inadvertent. All it takes is one person who does not know how to share information securely within the government network for it to fall into the wrong hands."

 

Research shows that just 41% of UK Government organisations believe their current IT security practices offer suitable protection against the growing threat of cybercrime. In a growing trend, local authorities now cite "protecting against cyber risk" as a top priority. Indeed almost 50% of respondents to a recent survey said they had no idea if their security practices were good enough, additionally indicating a low level of awareness of cyber security and cyber crime across the general local government workforce.

 

Headline Business Case

 

Educating employees and other people who have access to your systems about the range of cyber threats and best practice in terms of cyber protocol, is now critical in order to reduce the growing, costly internal threat. 

 

Currently, across both business and government, the spend on cyber insurance does not meet the threat and the focus of the spend is not on target. Industry research shows that on average, 80% of an organisation's cyber insurance spend is on external threats with 20% on the internal threat. In fact, 78% of cyber threats are 'internal'; coming from negligent employees, phishing, combining personal and work data on private devices, multitasking, lack of awareness etc. And it takes on average a third longer to identify insider threats than external ones. 4 

 

The 'insider threat' is now listed number 7 in ENISA's (EU Agency for Network & Information Security) top 25 of cyber threats for businesses and government; and it is a growing trend. It must be clarified that the majority of the threat is 'accidental' (68%), with 'intentional' insider threats at 22% and compromised insiders at 10%. But whether there is malicious intent or not,  the cost is huge. 

 

Whilst there are software solutions and business processes to deal with the cyber threats, local government needs to also address the 'people' part of the puzzle, and we believe there is an opportunity to build on the work commissioned by the BBC – with similar ethics, governance and cyber threats to local government -  to reuse elements of the series and in addition make them pertinent and relevant to a local government community. 

 

This proposal seeks to bring together a group of interested local authorities to work with leading writers, film makers and animators to develop an appropriate course for all levels of local government employees. Working from a basis of what has already been commissioned by the BBC and adapting that for the public sector will offer significant savings and deliver an unrivalled video training solution to really address the cyber threat and associated costs.  

 

Project Description

 

We are seeking to work together with 5-10 local authorities to define the specific needs of local government in terms of cyber threats and the best way of delivering training films to government employees and partners. The pitch has two distinct work streams, the first being an analysis phase, which will look at the needs of local government - much of which will overlap with those experienced at the BBC (see list of their cyber threat subjects below) - but some won't. This will enable us to exploit anything already useful and identify what is missing to ensure the greatest possible impact on the workforce within local government as well as significantly reducing the costs. This phase will also consider what degree of localisation is required.  

 

The second part of the proposal will then look at creating a local government specific set of training films to be deployed across all participating partners. This will entail scripting, editing, content/commentary creation, animation, review and deployment.  

 

For the BBC, Matobo Ltd created a series of 10 animated films which clearly and concisely address a range of cyber threats (please see below)  

 

Introduction: 

1) Understanding the Threat - Our Personal Responsibilities 

Security Basics: 

2) Passwords 

3) Scams 

Online Safety: 

4) Social Media 

5) Secure Use of the Internet 

6) Online Services & File Sharing 

Protecting My Information: 

7) Email 

8) Portable Devices & Apps 

9) Offline Security 

10) When to Seek Advice 

 

Key features of the approach include: 

  • Delivers your key learning objectives in easy to consume chunks; 
  • Easy to update - 2D animation is non-linear and can be edited easily; 
  • Unlimited distribution of the content on your own e-learning or intranet infrastructure across the organisation; 
  • Learners can be tested at various stages, to ensure key learning objectives are being met. 

 

Click here to read: What do we need - what steps are involved?

 

Organisation Profile

 

Matobo Ltd is uniquely placed to deliver an optimum balance of high quality, reliability and value for money. 

 

Proven delivery of high quality video material to public-facing organisations, at the very highest level of quality expectations - we have been the preferred supplier for all of the BBC Academy College of Technology video assets since January 2012, plus numerous other web assets for other BBC divisions, including R&D, Information Security, UX&D and iPlayer. They are the most prestigious broadcaster in the world and have the highest expectations of quality. Were not just people who have worked in TV” - we’ve shaped and lead some of the most cutting-edge and critically acclaimed TV of the past two decades and this has left us with the highest quality thresholds - we have the experience to notice details that others don’t. 

 

For further information on Matobo click here. 

 

Time-frames

 

4 months from project kick-off.

 

Related projects/ Work of note

 

http://matobo.co.uk/csat-intro/

www.matobo.co.uk