Three quarters of public sector ICT decision makers believe their chief executive doesn’t take digital security seriously, according to new research.
The startling figure features in a new study by supplier BT which raises big questions about corporate leadership on the issue of digital security.
And the lax attitudes of bosses have filtered down to staff, with 79 per cent reporting employees are not taking the security of devices seriously.
A statement from BT said: “This is concerning, as security programmes need to have complete top down buy-in in order to be successful, with everyone from senior public leaders right throughout the organisation taking part.”
The report is based on interviews with 640 ICT decision makers in large organisations across the world, and found that more than two thirds of public sector organisations have been hit by security breaches in the past year.
It concluded that public sector bodies are failing to protect themselves properly against mobile threats including unmanaged, lost or stolen devices and malware infections.
Mark Hughes, president of BT Security, said: “If public leaders are passionate about making security practices work, then they will inevitably become an intrinsic part of people’s lives.
“Problems usually arise when people don’t understand the risks and the impact that neglecting security could cause for the organisation, as well as for them personally.”
More than 90% of public sector organisations surveyed allowed employees to use their own mobile devices for work purposes, but only a 35% had Bring Your Own Device Policy.
And while 37 per cent of mobile devices have full access to internal networks or access to sensitive client information, 39 per cent of organisations have no enforceable mobile security policy.
Just 18% said that their organisation had sufficient resources in place to prevent a mobile security breach, a third have no password protection, and only 35% have ICT security training for all staff.
For those with policies in place, the average length of time between reviewing mobile security measures is 10 months.
The report said: “The infrequency of this is cause for concern, as many IT decision makers believe that the rate of malware infections will be on the rise in the next three to five years.
Hughes said: “Today’s threat landscape shifts very quickly so it is important for organisations to start with security in mind, rather than add it as an afterthought.
“This will ensure that security processes develop with them, and not after them. This makes the task of being security-led much more straightforward.”