U.K. Public Sector's Top Security Worries - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Government // Enterprise Architecture
11:49 AM

U.K. Public Sector's Top Security Worries

Reputational damage, financial consequences and compliance failure are U.K. companies' main security worries, study says.

Who Is Hacking U.S. Banks? 8 Facts
Who Is Hacking U.S. Banks? 8 Facts
(click image for larger view and for slideshow)
In a week that saw claims of Red Chinese penetration of U.S. networks, a new survey sponsored by the British security vendor Clearswift has found the thing most public-sector U.K. organizations fear is not industrial sabotage or spying -- it's damage to their reputation due to an IT security breach.

That worry, rated number one by 31% of respondents to the poll, surpasses concerns about the potential financial consequences of any such breaches (20%). That might be surprising, given that the U.K's privacy and IT security watchdog, the Information Commissioner, recently has leveled hefty fines on a number of bodies ranging from hospitals to media companies for not protecting consumer data.

Companies' fears they will be identified as not adhering correctly enough to policy or compliancy issues came in at a relatively distant third (18%).

[ Twitter hacks of U.S. companies are snowballing. Read BK Hack Triggers Twitter Password Smackdown. ]

The survey is based on conversations with 277 people across 247 unique U.K. public-sector organizations, with respondents ranging from compliance officers and IT managers to C-level executives, government workers and university staff.

Security is important at a time when U.K. organizations are increasingly using social media, and also being asked to save money by sharing services or outsourcing some or all of their IT and other core processes to private industry, Guy Bunker, senior VP of products at Clearswift, told InformationWeekUK.com.

"The fact that much bigger numbers than we expected are using social media in the public sector plus the fact that a stubborn number of such organizations just don't feel the need to verify the security policies of their partners really surprised me," he said.

Survey results suggest that most companies do think about the importance of security when partnering with other organizations but aren't doing enough to make it happen. Ninety percent of respondents said information security was an important issue that needs to be clarified when selecting business partners and third parties. The majority (93%) said they regularly exchange information with third parties, and of this data 84% is likely to contain sensitive material.

Sixty-three percent of respondents regard managing information exchange with external partners as a joint responsibility. So far so good. But when asked exactly how this responsibility is divided, only 3% of organizations say they are "worried" about data loss via business partners, an approach Bunker says is too lax: "It is no longer an option to assume that someone else is looking after your data," he said. "IT security policies must be created, shared and enforced by collaborative organizations to ensure not only better protection against data loss, but also a clearer understanding of responsibility and culpability."

How companies treat social media security is another problem area, said Bunker. "What worries me about all these public sector users of social media is that they are not reporting anything like convincing enough strategies and policies to deal with any crises that can easily arise here -- like staff sending abusive Tweets or emails," he said.

"Merely setting up a Twitter, Facebook or YouTube account does not equate to a secure, information-centric social media strategy. Likewise, putting a security policy in place without educating staff and enforcing the policy will not reap the desired results," he added.

Half (50%) of respondents told the researchers they were concerned that social media could pose significant risks to their IT security, but 38% admitted to not having a strategy in place to address it. That could be a problem, as Twitter is enabled by 71% of those surveyed, with only a fifth (19%) actively banning it, compared with 62% enabling the use of Facebook and a quarter (26%) not allowing their staff to use it during work hours.

Banning social media at work is not the answer, said the report. "Those banning the use of social media may be confident that they are avoiding security issues and the reputational damage that comes from a malicious or accidental posting, but they are also withdrawing from a two-way conversation with the public they serve which can be damaging in itself," it said.

Attend Interop Las Vegas, May 6-10, and attend the most thorough training on Apple Deployment at the NEW Mac & iOS IT Conference. Use Priority Code DIPR02 by March 2 to save up to $500 off the price of Conference Passes. Join us in Las Vegas for access to 125+ workshops and conference classes, 350+ exhibiting companies, and the latest technology. Register for Interop today!

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Remote Work Tops SF, NYC for Most High-Paying Job Openings
Jessica Davis, Senior Editor, Enterprise Apps,  7/20/2021
Blockchain Gets Real Across Industries
Lisa Morgan, Freelance Writer,  7/22/2021
Seeking a Competitive Edge vs. Chasing Savings in the Cloud
Joao-Pierre S. Ruth, Senior Writer,  7/19/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
Monitoring Critical Cloud Workloads Report
In this report, our experts will discuss how to advance your ability to monitor critical workloads as they move about the various cloud platforms in your company.
Flash Poll