
Lax security in public sector IT, says study

OUT-LAW News, 09/06/2005

The effectiveness of IT security arrangements in British public sector organisations is being undermined by a culture of complacency and a failure to ensure that staff understand the rules, according to a survey by the Audit Commission.

While there has been some improvement in the incidence of business disruption by viruses or hackers – down to 20% of reported cases, compared to 39% in 2001 – public bodies still do not seem to appreciate the risks created by new technologies, such as PDAs, nor the need to tackle workplace access to pornography, says the survey.

In fact, there has been a 13% increase in incidents of staff accessing porn or other inappropriate material – up to 52% of cases in 2004, compared to 39% in 2001.

Cases involving financial risk have also increased to 28% of cases in 2004, as opposed to 22% in 2001.

The survey, carried out in 2004, is based on the responses of more than 400 public sector organisations, including NHS trusts, local authorities, police and fire authorities.

Two hundred cases of ICT fraud and abuse were identified in the survey, the results of which have been published in a report, “An Update on ICT Fraud and Abuse 2004.”

The report highlights the key role played by staff in implementing ICT security, and warns that only half of public sector organisations have actually initiated staff training in these systems.

Only a third of organisations inform their staff about their ICT security policy – although a policy is now in place in 96% of organisations – or educate staff on what they should be doing. Only 20% of public bodies actually give their staff a copy of the security policy.

“ICT security is only as effective as the staff within the organisation, and too often we are finding that staff are unsure of their role,” said Steve Bundred, CEO of the Audit Commission. “If we fail to get this right we risk eroding the confidence of citizens in the electronic systems that underpin public services.”

Alongside the report the Commission has produced a self-assessment questionnaire for chief executives and other senior managers to use when considering their own organisation's susceptibility to ICT fraud and abuse.

It has also developed the Your Business at Risk (YBAR) database, which organisations can use to compare their ICT security measures against a range of other organisations.

 
