Questions raised over public sector security leadership

Written by Colin Marrs on 25 November 2014 in News

Three quarters of public sector ICT decision makers believe their chief executive doesn’t take digital security seriously, according to new research.

The startling figure features in a new study by supplier BT which raises big questions about corporate leadership on the issue of digital security.

And the lax attitudes of bosses have filtered down to staff, with 79 per cent reporting employees are not taking the security of devices seriously.

A statement from BT said: “This is concerning, as security programmes need to have complete top down buy-in in order to be successful, with everyone from senior public leaders right throughout the organisation taking part.”

The report is based on interviews with 640 ICT decision makers in large organisations across the world, and found that more than two thirds of public sector organisations have been hit by security breaches in the past year.

It concluded that public sector bodies are failing to protect themselves properly against mobile threats including unmanaged, lost or stolen devices and malware infections.

Mark Hughes, president of BT Security, said: “If public leaders are passionate about making security practices work, then they will inevitably become an intrinsic part of people’s lives.

“Problems usually arise when people don’t understand the risks and the impact that neglecting security could cause for the organisation, as well as for them personally.”

More than 90% of public sector organisations surveyed allowed employees to use their own mobile devices for work purposes, but only 35% had a Bring Your Own Device policy.

And while 37 per cent of mobile devices have full access to internal networks or access to sensitive client information, 39 per cent of organisations have no enforceable mobile security policy.

Just 18% said that their organisation had sufficient resources in place to prevent a mobile security breach, a third have no password protection, and only 35% have ICT security training for all staff.

For those with policies in place, the average length of time between reviewing mobile security measures is 10 months.

The report said: “The infrequency of this is cause for concern, as many IT decision makers believe that the rate of malware infections will be on the rise in the next three to five years.”

Hughes said: “Today’s threat landscape shifts very quickly so it is important for organisations to start with security in mind, rather than add it as an afterthought.

“This will ensure that security processes develop with them, and not after them. This makes the task of being security-led much more straightforward.”

CONTRIBUTIONS FROM READERS

Comments

alanrencher

Submitted on 7 March, 2015 - 03:40
There is a huge difference between the public sector and the private sector. Both sectors suffer from low security leadership problems, but in comparison to public sector security leadership, private sectors are far better. This might be happening due to a lack of resources in the public sector or for other reasons.
