New research finds the likes of CERT-UK also had an influence on IT departments’ policies and strategy, but are individual employees hearing the message?
30 January 2015, London: New research released today reveals that 45% of IT professionals feel Government initiatives like CERT-UK and Operation Waking Shark II have actively helped them raise awareness of cybersecurity to senior management.
The research, conducted by cybersecurity service provider SecureData and Vanson Bourne, investigated the impact Government security initiatives had on end-user organisations in 2014, with nearly half (47%) reporting that initiatives have helped them communicate the importance of security across their organisation.
Over a third (39%) of participants also stated that they had used the insights from such initiatives to define IT security standards and policies, with a quarter (24%) using information garnered from them to set security strategies.
More work needed
But despite this obvious degree of influence, not all IT professionals feel Government initiatives have had such a positive influence.
Nearly a quarter (23%) said that these initiatives have gone largely unnoticed within their organisation, with 34% also divulging that they haven’t used the insights of CERT-UK in any way. 35% still see professional bodies like IISC or ISC2 as their primary source for security insights as opposed to only 13% who have sought information from the likes of CERT-UK, while a quarter (25%) rely on input from vendors/service providers. Meanwhile, only 26% of IT pros said initiatives had directly encouraged individual employees to consider IT security more closely.
Smaller organisations also saw a reduced impact from security initiatives. While fewer than a fifth (18%) of organisations with over 3,000 employees saw Government initiatives go unnoticed, this was true for almost a third (28%) of smaller firms.
Commenting on the findings, Alan Carter, cloud services director at SecureData said: “While government initiatives have clearly had a positive impact on IT security over all, there’s still some way to go. Although initiatives clearly grab c-level attention in major enterprises, they are far less effective at raising awareness in smaller organisations or amongst individual employees. If we want security insights to resonate outside the boardroom, we need to look beyond Government programmes.”
Retail falling behind
Despite recent high-profile breaches in retailers like Target, the Retail sector is also seeing the fewest benefits from Government security initiatives. A third (32%) of Retail IT pros said initiatives had gone largely unnoticed, while 44% had not used the results in any way and only 4% saw them as an important source of security insights.
Carter continues: “We need to ask if one-off stress-testing exercises are the best approach to raising security awareness. By placing the emphasis on responding to attacks, initiatives struggle to convey the need for a complete approach to the security spectrum. Without insights into how to assess risks, detect threats and protect assets before an attack, these exercises become more a measure of the industry’s pulse than a source of valuable strategic advice.”
Notes to Editors
- Research was conducted by Vanson Bourne, on behalf of SecureData, and questioned 100 organisations
- To see the full research findings, or speak with a SecureData spokesperson about them, please contact Olie Mitchell to arrange an interview (email@example.com).
SecureData is a complete cybersecurity service provider with a proactive approach. We specialise in providing network security, managed services and solutions for customers and believe in looking beyond point technology solutions to ensure business IT infrastructure is both secure and available.
We minimise business disruption for clients and offers the complete security spectrum from assessing risk to detecting threats, protecting valuable assets and responding to breaches when they happen.
Our managed services help businesses secure their data and networks, fight an increasing array of cyber threats, optimise networks to improve employee mobility, ensure regulatory compliance and allow the safe adoption of both cloud computing and consumer technologies in the workplace.
Operating from its UK based Security Operations Centre; SecureData offers manned support on a 24 x 7 x 365 basis, with its own real-time monitoring service developed in-house and tailored to suit both small businesses and large corporate enterprises alike.