Fears of reputational damage, financial consequences and compliance failure are keeping the public sector awake at night.
Berkshire, UK, 22 February 2013 - Research released today by Clearswift, the global cyber-security company, highlights the top three concerns of individuals working in the UK public sector when it comes to information security. The iGov ‘Managing Information Security’ report was commissioned by Clearswift to investigate the attitudes of those working for public sector organisations (PSOs).
The greatest worry, for 31% of respondents, was reputational damage to the organisation. Concern about financial consequences came second (20%), with policy or compliance issues coming in third (18%). To combat these concerns, there is currently a major drive by PSOs to use appropriate data protection solutions to better protect the public. The research has shown that despite a greater understanding of security requirements for the sector, there is still a shortfall when it comes to dealing with third parties and social media.
The harsh penalties for lax security that organisations now face are clearly having an effect, with two-thirds of respondents stating that accidental data loss is their main concern. On the flipside, only 2% of those surveyed consider accidental data loss to be a threat to national security. This statistic should come as a red flag in the context of the Government’s recent call to action to shore up the nation’s defences against cyber-crime, and suggests that education is desperately needed to raise awareness of the dangers.
Exchanging information with third parties
Encouragingly, 90% rated information security as important when selecting business partners and third parties. The majority (93%) of respondents regularly exchange information with third parties, and of this data 84% is likely to contain sensitive material. When it comes to managing information exchange with external partners, 63% of respondents regard this as a joint responsibility. Interestingly, however, exactly how this responsibility is divided is unclear, as only 3% of organisations are worried about data loss via business partners.
Although 85% of respondents surveyed felt that their organisation managed security threats well, 38% claimed that they did not have a strategy in relation to their outbound communication technologies.
Dr Guy Bunker, Senior VP of Products at Clearswift, commented: ‘It’s no longer an option to assume that someone else is looking after your data. IT security policies must be created, shared and enforced by collaborative organisations to ensure not only better protection against data loss, but also a clearer understanding of responsibility and culpability.’
Dr Bunker continues: ‘This research brings home the fact that now, more than ever, public sector organisations need to think about their information security on a strategic as well as a tactical level. Educating PSOs and raising awareness as to how to identify and protect their critical information must today be a real focus.’
Social media usage
The research results show that there is still a great deal of confusion surrounding the application and function of social media within PSOs, and how it is implemented securely. Half (50%) of respondents are concerned that social media could pose significant risks to their IT security and yet 38% admit to not having a strategy in place to address this means of communication.
Twitter is enabled by 71% of PSOs, with only a fifth (19%) actively banning it, compared with 62% enabling the use of Facebook and a quarter (26%) banning it. Those banning the use of social media may be confident that they are avoiding security issues and the reputational damage that comes from a malicious or accidental posting, but they are also withdrawing from a two-way conversation with the public they serve which can be damaging in itself.
‘Merely setting up a Twitter, Facebook or YouTube account does not equate to a secure, information-centric social media strategy. Likewise, putting a security policy in place without educating staff and enforcing the policy will not reap the desired results’, added Bunker. ‘This research has shown that PSOs are learning lessons and moving security higher up their IT agenda, but there is still a way to go. The path to robust information security in the public sector is entirely achievable, but only once the potential threats are identified and staff are educated to avoid these pitfalls.’
About the research
Clearswift commissioned research into the attitudes of individuals who work in UK public sector organisations towards information security. In total, 277 people across 247 unique UK public sector organisations were surveyed, ranging from compliance officers and IT managers to C-level executives. The organisations that took part include the NHS, city/local councils, universities, trusts, central government and the police. The survey was conducted on behalf of Clearswift by Surveys in Public Sector (SPS), a division of Ingenium IDS. Ingenium is the UK’s foremost public sector demand creation & research organisation.
Clearswift’s content-aware, policy-based solutions (Clearswift Secure Web Gateway, Clearswift Secure Email Gateway, Clearswift Secure File Gateway, Clearswift Content Inspection Engine [SDK], MIMEsweeper for SMTP) enable over 17,000 organisations in 50 countries to manage and maintain no-compromise data, email and web security across all gateways and in all directions.
Clearswift developed many features the security industry now considers standard, such as image scanning, policy-based encryption and user-level message tracking. Clearswift’s content-aware solutions enable safe and effective communication without compromising on security.
Headquartered in Reading, UK, Clearswift operates out of offices based in regional hubs in Sydney, Australia; Munich, Germany; Tokyo, Japan; Madrid, Spain; and New Jersey, United States.
Rebecca Kiely / Siobhan Eyres
+44 (0)1869 238089