Fines Less of a Concern than Reputational Damage for Public Sector Security
In a survey of 250 UK public sector professionals working in cybersecurity, risk and data protection by Zivver, 52% of all respondents cited reputational damage as their biggest challenge in relation to outbound secure communications. This was followed by preventing data leaks (50%) and employee awareness on security (49%). Meanwhile, fines were deemed a lesser concern at 19%.
Speaking to Infosecurity, Rick Goud, CIO and co-founder of Zivver, said while the fines issued to BA and Ticketmaster put the topic more top of mind, “I don't think the fear of fines is what will drive change.”
He added: “In the Netherlands, for example, the country with the highest adoption of email data protection solutions, fines hardly exist. Adoption will increase with higher awareness, which is enforced by media attention, public interest, independent research and awareness campaigns. So I see fines as a way to increase awareness, not increase fear.”
Regarding COVID-19’s impact on the security of outbound communications in public sector organizations, around one in three of all respondents said the pandemic brings additional vulnerabilities requiring ongoing security changes. Further reflecting the high levels of uncertainty, especially by those at the top, 43% of IT leaders in local government said their organization was less secure as a result of COVID-19.
In terms of data leak frequency, 82% of respondents said their organization had experienced at least one data leak in the past 12 months, while 73% stated they had suffered three or more.
Asked how much he thought this was due to greater remote working and the likelihood of security mistakes being made as a result, Goud said: “Stakeholders report an increase of data leaks since having a remote workforce, which is a logical consequence of two things. Firstly, any change will lead to people making more mistakes, because change is one of the most difficult things for people, inevitably resulting in errors. Secondly, additional data leaks will occur because, with a remote workforce, people have to increasingly rely on ways of communicating that were not built for security, like email and popular (free) SAAS-tools for sharing files, sending out questionnaires, etc.
“The latter, especially, is a problem that organizations increasingly recognize and are looking to fix by putting solutions in place that enhance and secure digital communication, knowing that the old way of working will not fully return.”
Goud claimed the findings of this survey indicate an urgent need for public sector organizations to review and update current security practices, requiring technology that is simple to introduce and use to avoid disruption to employees’ productivity.