Is your company Cybersecurity aware?

As part of the Keeping the UK safe in Cyberspace, in April the UK Information Security Breaches 2013 was published by the Department for Business, Innovation & Skills and The Shareholder Executive. Although there is an excellent website to review the survey’s findings,  as an experiment in using Data Wrapper,  I used this free and remarkably intuitive tool to visualise three elements of the survey:

  • how high a priority is Information Security to industry sectors
  • how aware are employees within those sectors of their company’s security policy
  • percentage of IT spend on security spend by those sectors on information security

The results of the priority of security question illustrates what we’d expect – Health, Banking and Technology leading priority, and IT budget spend isn’t a great surprise, but the understanding of staff of their own Security Policy is a surprise, illustrating that even in sectors where information security is critically important, staff at these organisations may lack clarity about their corporate information security policy.

Who’s responsibility is it to resolve this?  In regulated sectors, like health & pharmaceutical, government and banking there should be, and in some cases is a collective responsibility to ensure clarity of communication to personnel and a duty of care for the organisation to ensure the message is heard and understood. Data Protection law in many countries provides a regulatory framework for anyone retaining or storing data. The responsibility for legal compliance at an organisation falls to a Data Controller; in Ireland, the UK, Germany and Sweden the law is similar and the data controller can be a legal entity or an individual. Data Protection law is well defined in most developed economies but my concern is about the awareness of staff within an organisation. As hacking and #Cybersecurity attacks begin to reach pandemic proportions the UK’s Information Breaches survey highlights a lack of awareness within some sectors that is disturbing; this lack of awareness can cost industry money, jobs and confidence. Organisations seem to be aware of the importance of information security, IT spend in the area isn’t bad, awareness appears to be the problem, and those who really should know better appear not to.

I admit I grew weary of the manual-handling and similar courses I was (legally) compelled to do as part of work-place compliance, but they’re there for a reason. Information Security breaches will give you more than a pain in the lower-back – it’s time we sharpened up as an information society. Everyone working in or with your organisation needs to knows how to keep your information safe; if someone hasn’t hacked you, it won’t be long before they try.

External links & references

  1. Information security breaches survey 2013: technical report
  2. Information security breaches survey 2013: data download : 233kb : csv
  3. Guidance for small UK business on Cyber Security : Dept Business, Innovation & Skills
  4. British Government extends Innovation Vouchers to cover Cybersecurity : 24-4-2013
  5. Practical Law COmpany : guide to Global Data protection Law
Related Posts
Read More

2013 Action Plan for Jobs & Business On-line Voucher

Today the Taoiseach, the Tánaiste and the Jobs & Enterprise Minister  launched the government's Action Plan for Jobs 2013, the next step in the Government’s plan to rebuild the economy and accelerate the transition to a sustainable, jobs-rich economy based on enterprise, innovation and exports. The Plan contains 333 actions to be implemented in 2013 by 16 Government Departments and 46 agencies.  It has a significant technology element to it - ICT Skills and Big Data get specific focus having consideration for how they can impact the Irish economy in a positive way.
Read More

Fingal Enterprise Week 2012

​I spoke about how disruptive technology is changing things for both the consumer and consequentially the SME. The single message that I hoped to leave attendees with was 'think mobile'. With mobile devices accounting for at least 20% of internet traffic now, and we're told these mobile users are more likely to buy, it's critical that business owners prepare themselves to deal with the mobile customer. Why?

Read More

Open data, does not mean losing our data. Get it?

Not much time passes between reports of another authority, company or agency losing someone's data. Spying or intelligence agencies nosing around your data is one thing, I'm referring to how people are losing our data the old fashioned way; laptop, train home, oops. Laptops, tablets and USB keys - all of them it seems appear to be dropping out of sight, and control at an alarming rate the world over. I know we live in the era of open data - but someone needs to explain that means sharing data, not leaving it in a pub lavatory.