Since the introduction of personal computing over the Internet, cyber-security has developed primarily as commercial services providing protection to organizations and individuals as customers of paid services. However, since the introduction of cloud-services and smartphones over a decade ago, this development has been radically altered. Effective cyber-security can no longer be provided as simplistic protective walls around trusted zones of computing (for organizations: isolated private corporate networks with secure network gateways; for individuals: stand-alone personal computers protected by locally-running anti-virus applications). These approaches have always assumed that cyber-threats do not originate from inside trusted zones. Increasingly, cybersecurity is more effectively achieved through detecting and mitigating vulnerabilities discovered through coordinated assessment of malware threats, user behaviors, and IT infrastructure weaknesses. Unlike the traditional focus on malware threats alone, this integrated approach treats the IT infrastructure and user behavior of each individual and each organization department separately. This distributed approach makes no assumptions about the origins of cyber-threats. In this paper, we examine the implications of using this distributed approach in the public sector. Particular emphasis is placed on aspects where the traditional framework of cyber-security as a commercial service can be usefully abandoned and replaced by more effective public sector practices. The recent evolution of the Digital Divide in Central and Eastern Europe has not been a simple story of those with less opportunity and access (old, poor, less educated) being able close the gap by “catching up” with those of greater opportunity and access (young, wealthy, well educated). Rather, the closing of the Digital Divide has been achieved more through the adoption of very different digital activities provided through very differently organized services – activities and services that require very different public sector approaches to cyber-security. These include new approaches to measuring citizen cyber-health; making citizens savvier about their personal cybersecurity; and providing more secure online public services.