IT Procurement in the Public Sector
Feature

Mass-scale, immature innovations spread rapidly due to their accessibility and integration into personal devices within organisations. While presenting opportunities, they introduce risks like bias, inequality, the digital divide, and potential outages. The rapid adoption of innovation exceeds institutions' capacity to evaluate and control these societal and organisational impacts. How can public IT stay resilient against the mass adoption of unregulated technologies, asks Antonio Hidalgo Landa, chair of the BCS Consultancy Specialist Group.

Sustaining environmental and welfare demands, including an ageing population, presents increasing public sector challenges. How can these growing demands be addressed without adopting new technologies and modernising public sector IT systems?

Introduction

Emerging technologies such as social media and generative AI are transforming society and workplaces, bringing advantages and opportunities. However, as IT systems overtake nearly every facet of work and life, the lack of responsible adoption exposes organisations to failures, bias, and cyber-attacks. The UK’s Autumn Budget 2024 emphasised these failures, which have led to academic damage, disrupted public services, and unjust prosecutions.

The Autumn Budget focuses on protecting working people, fixing the NHS, and rebuilding Britain, underscoring the necessity of strategic and accountable IT. Can we use it as a guide for IT procurement in the public sector for a better society? Below, we discuss how public IT systems can remain resilient against the rapid adoption of unregulated technologies and support growing environmental and societal demands. We address algorithmic bias, cybersecurity, environmental, social, and governance (ESG), and workforce readiness.

Algorithmic failures and bias

Bias in algorithms can be devastating, arising from flawed data, embedded societal inequities, algorithmic design, collective in-equilibria, or ethical dilemmas.

In 2020, 280,000 students were affected by bias in the algorithm that standardised A-level results after COVID-19 cancelled exams. The Department for Work and Pensions (DWP) faced allegations that its fraud detection algorithm targeted disabled individuals. In 2019, an NHS algorithm deprioritised black patients for care management over white patients with identical health statuses. The Home Office’s visa algorithm was scrapped for discriminatory practices based on nationality.

When only one ventilator is available for two COVID-19 patients, it creates a lose-lose scenario, akin to the trolley problem, where harm is unavoidable. This decision imposes a moral burden on any person, but algorithms can prioritise diversity and collective health without hesitation. Ethical design should extend to all critical systems, ensuring unbiased decision-making in lose-lose scenarios.

Heavy social media use among teenagers increases depression and facilitates online harassment and cyberbullying. However, social media is widespread among teenagers without enough social awareness and control. A teenager’s brain is not fully developed and is more susceptible to emotional responses. Social media algorithms recommend the most popular content from similar people. Hence, suggesting highly emotional content to vulnerable teenagers with a high emotional response fuels mental health conditions such as anxiety and depression. IT procurement should consider under which circumstances algorithms may incentivise a worse situation.

Over 700 people were wrongfully prosecuted due to errors caused by an IT system (Horizon) at the Post Office between 1999 and 2015. These errors ended the careers of many and resulted in imprisonment and even suicides. The Post Office scandal reveals the dangers of public sector overreliance on computer-generated evidence.

The lack of professionalism in managing critical IT systems can jeopardise vital public services. Ethical IT professionals must ensure systems are properly monitored, errors are raised, and outputs critically evaluated. Public sector procurement plays a pivotal role in enforcing independent standards of professionalism and ethics in the application, development, and deployment of technology.

Cybersecurity challenges

Shadow IT

Employees create workarounds (shadow IT) to bypass deficiencies in authorised systems. Historically, spreadsheets were used for data aggregation, hiding processes and hindering governance. Sensitive patient data were sent to the wrong WhatsApp group by NHS staff, exposing this unauthorised shadow practice and the challenge of enforcing data-sharing policies in the NHS.

Social media penetrated schools without proper oversight, facilitating harassment and cyberbullying, which has led to instances of threats and suicides. Teenagers can use generative AI to create false images and videos of anyone, known as deepfakes. Classmates’ lives have been devastated by discovering sexually explicit deepfake images of themselves online, with the harm amplified when such content is deliberately targeted to cause damage.

Technologies such as social media, personal email, and generative AI are widely available to employees, students, or patients. While they can address inefficiencies from authorised IT, they can undermine organisational security and operational efficiency.

Can organisations effectively keep such widespread technologies out of the workplace? Apple and Samsung struggle to enforce bans on tools such as ChatGPT due to considerations about privacy. Recent attempts to ban smartphones have made progress in schools.

Cybercrime

Data breaches remain a major cyber threat to public sector organisations. In 2024, the bank details of around 5,000 people were compromised by a breach at Transport for London (TfL). Spy.pet scraped over 4 billion Discord messages, highlighting the sophistication of modern data theft tactics. Financial losses due to data breaches in healthcare, education, and the public sector are large, with average public sector costs increasing by 32 per cent and an average cost of $2,290,000, according to IBM and Ponemon Institute.

The October 2020 ransomware attack on Hackney Council disrupted services like council tax and benefit payments, costing millions to remediate. A ransomware attack in May 2021 caused a 10-day disruption at the Irish Health Service Executive (HSE). A $22 million ransom demand was suspected in the attack on Change Healthcare in 2024.

The 2020 SolarWinds breach affected 18,000 organisations, including US government departments. In 2021, Chinese state-backed actors attacked Microsoft Exchange servers, compromising over 250,000 servers for large-scale espionage.

Critical IT systems

Organisations implement frameworks such as ISO/IEC 27031:2011 and enhance their resilience by ensuring robust disaster recovery capabilities, achieving zero downtime, and maintaining operational continuity, even in the face of major disruptions. Affecting approximately 8.5 million Windows devices, the global CrowdStrike outage disrupted essential operations in healthcare, aviation, and broadcasting. How can these cascading events cause this massive disruption when there are standards that show resilience and reliability?

Recommendations

The biggest difference can be made by recognising more IT systems as critical and ensuring they are overseen by cybersecurity professionals accountable for their operations. Many exploitable systems or those prone to disruptions are not overseen by cybersecurity experts, and many cybersecurity roles lack the requirement for Chartered status. Like doctors and accountants, Chartered professionals ensure accountability and professionalism.

As IT systems become more interdependent, they require more collaboration in addressing failures. Moreover, as IT systems expand across the workplace, IT experts should be present on boards, ensuring that decision-makers understand risks and threats.

ESG

Can IT systems in the public sector be leveraged to address growing social and environmental demands from society?

Environmental

Governments and industries are making ambitious environmental commitments, driving organisational sustainability efforts. Public procurement has substantial influence over the industries with major greenhouse gas emissions, including transportation, defence and construction.

Renewable-powered data centres and energy-efficient IT systems offer scalable solutions to support climate goals like COP28. However, the lack of interoperability and visibility of sustainability indicators is a major deterrent to greener procurement.

Social

Assistive technologies such as Scholarcy and Grammarly summarise formal text into bullet points or question cards, while multimodal materials, such as situational videos, combine text, images, and audio to enhance understanding. These tools adapt content to individual needs, reducing cognitive load and improving engagement. IT solutions are also emerging to reduce bias and increase diversity, including in hiring and analytics. However, it is not enough. Only 20 per cent of the tech workforce is female, black women represent 0.7 per cent, and disabled individuals face a 50 per cent employment gap.

Massive Open Online Courses (MOOCs) demonstrated how technology can democratise education by providing scalable, free, high-quality courses (Ng, 2014; Zhu, 2012). Universities such as Oxford and organisations such as BCS exemplify the broader adoption by sharing free academic and CPD resources on YouTube.

IBM Watson builds knowledge repositories that users can query in natural language.

The Clerk of the Superior Court in Maricopa County automated 70 per cent of citizen interactions without human intervention, saving 100 staff hours in the first month.

With advancements in building knowledge repositories, institutions offering accessible curricula, and assistive technologies, can we overcome the challenges of integrating these at scale to significantly reduce global educational inequality?

Governance

IT governance systems improve accountability and traceability by ensuring decisions are tracked and communicated effectively. The IT Leaders 2020 Report noted 56 per cent of organisations prioritised operational efficiency and governance, but only 12 per cent felt adequately resourced to achieve these goals.

IT procurement in the public sector can enable better governance practices, improving the ability to track and trace emissions and diversity. However, fragmented IT ecosystems hinder the adoption of IT governance. Healthcare information systems often struggle with fragmented integration, relying on a mix of custom-built, homegrown, and off-the-shelf tools. This lack of standardisation drives complexity, inefficiency, higher costs, project delays, and operational risks. 

Implementing industry-wide governance standards is a great but challenging task. How great would it be for governments and conscious consumers if they could have accountability of all the CO2 emissions produced by the manufacturing, supply, use and disposal of goods and services? A similar challenge is being resolved in the pharmaceutical sector: the traceability of medicines. The fragmented pharmaceutical supply chain faces challenges like divergent regulations (EU FMD, DSCSA), integration of legacy systems, and inconsistent data sharing across stakeholders. Aggregation complexities and cross-border compliance further hinder traceability. Adopting GS1 standards and interoperable platforms has been crucial to streamline processes, enhance transparency, and ensure regulatory adherence globally.

Digital skills

IT systems require proper preparation and workforce training to deliver results effectively. The Help to Grow scheme has trained over 10,000 SMEs in digital skills, boosting productivity, but scaling similar efforts in the public sector faces challenges including legacy systems and larger workforce sizes. A global shortage of 4 million cyber security professionals highlights recruitment difficulties in IT.

The digital divide remains a significant concern. In the UK, 1.7 million households lack internet access, and 10 million adults lack basic digital skills. Addressing this requires prioritising accessibility and inclusivity in procurement decisions to ensure IT solutions bridge this gap.

Last remarks

The institutional literature, including contributions from the UK government, Parliament, WEF, and BCS, provides guidance on emerging technology, including operations, management, security, acquisition, and more. However, addressing its full breadth would require a dedicated and detailed study. The increasingly devastating incidents contribute to the continued expansion of this literature. However, this growth is not solely driven by failures but also by the complexity and rapid evolution of emerging technologies and their rapid integration into society and institutions.

This is not a call to slow innovation; malicious actors and cybercriminals will not pause their activities. Instead, it underscores the need for institutions to respond promptly by developing digital capabilities, adopting relevant technologies, and equipping both the workforce and consumers with appropriate skills to safeguard and empower organisations and households.

Technology and algorithms have the potential to accelerate bias; however, they can also be instrumental in identifying and addressing it to develop a fairer society. While a significant portion of the population remains marginalised by the digital divide, assistive technology offers a powerful means to foster inclusion. As ICT systems increasingly embed themselves in more aspects of our lives, more of these systems should be deemed critical and overseen by accountable professionals (e.g. Chartered) to ensure their reliability and integrity.

Emerging technologies offer significant potential to enhance governance by improving traceability, interoperability, and monitoring systems. These advancements can support compliance, streamline processes, and reduce inefficiencies. While they are not a panacea, they represent a valuable tool for sustaining critical public services such as education and healthcare and addressing environmental goals. A major challenge to improving governance and interoperability is the fragmentation across business value chains. However, examples such as the traceability of medicines demonstrate how meaningful change can be achieved globally and across industries. Key to this success has been the adoption of robust standardisation efforts, such as those driven by GS1 in the pharmaceutical sector. Ensuring these efforts are empowered and backed by strong industry collaboration will be essential for scaling these benefits effectively.

Technological advancements bring opportunities but require careful and thoughtful integration. Collaboration, equipping individuals with the right skills, and ensuring inclusivity and standardisation are practical steps towards building more resilient technological ecosystems. This highlights the importance of balancing innovation with responsibility, and a clear focus on practical benefits for society.