Questions raised over public sector security leadership

Written by Colin Marrs on 25 November 2014 in News

Three quarters of public sector ICT decision makers believe their chief executive doesn’t take digital security seriously, according to new research.

The startling figure features in a new study by supplier BT which raises big questions about corporate leadership on the issue of digital security.

And the lax attitudes of bosses have filtered down to staff, with 79 per cent reporting employees are not taking the security of devices seriously.

A statement from BT said: “This is concerning, as security programmes need to have complete top down buy-in in order to be successful, with everyone from senior public leaders right throughout the organisation taking part.”

The report is based on interviews with 640 ICT decision makers in large organisations across the world, and found that more than two thirds of public sector organisations have been hit by security breaches in the past year.

It concluded that public sector bodies are failing to protect themselves properly against mobile threats including unmanaged, lost or stolen devices and malware infections.

Mark Hughes, president of BT Security, said: “If public leaders are passionate about making security practices work, then they will inevitably become an intrinsic part of people’s lives.

“Problems usually arise when people don’t understand the risks and the impact that neglecting security could cause for the organisation, as well as for them personally.”

More than 90% of public sector organisations surveyed allowed employees to use their own mobile devices for work purposes, but only 35% had a Bring Your Own Device policy.

And while 37 per cent of mobile devices have full access to internal networks or access to sensitive client information, 39 per cent of organisations have no enforceable mobile security policy.

Just 18% said that their organisation had sufficient resources in place to prevent a mobile security breach, a third have no password protection, and only 35% have ICT security training for all staff.

For those with policies in place, the average length of time between reviewing mobile security measures is 10 months.

The report said: “The infrequency of this is cause for concern, as many IT decision makers believe that the rate of malware infections will be on the rise in the next three to five years.”

Hughes said: “Today’s threat landscape shifts very quickly so it is important for organisations to start with security in mind, rather than add it as an afterthought.

“This will ensure that security processes develop with them, and not after them. This makes the task of being security-led much more straightforward.”

CONTRIBUTIONS FROM READERS

alanrencher

Submitted on 7 March, 2015 - 03:40
There is a huge difference between the public sector and the private sector. Both sectors suffer from low security leadership problems, but in comparison to public sector security leadership, private sectors are far better. This might be happening due to lack of resources in the public sector or any other reasons.
