More than 50% of EMEA Government Organizations Surveyed Do Not Have a Documented and Approved Information Security Strategy in Place, says IDC Government Insights

London, — In a recent survey conducted across major cities in Europe, IDC Government Insights found that less than half of the respondents’ organizations have an official strategy in place to overcome potential information security threats. More insights are revealed in the report, Information Security in the Public Sector: Avoiding the Risk of Non-Compliance and Political Embarrassment (Doc #GITD01T), which sheds light on the fundamental issues around core security initiatives within government organizations across Europe.

The survey report outlines recommendations that will help government IT executives to maximize the benefits of their investments in information security, to minimize the risk of security breaches and other events, while embracing new opportunities, such as cloud, social networking, and mobile devices.

“In a world of changing technologies, increasing threat sophistication and heavy emphasis on data privacy and protection, it is important to sustain investment in information security. Although there is continued pressure to reduce the costs of public administration, ongoing investment in information security is vital. The risk of non-compliance with increasing regulation and legislation as well as the risk of political embarrassment are sufficient to warrant ongoing investment,” said Jan Duffy, EMEA research director, IDC Government Insights.

She adds “Even though more than 70% of respondents from EMEA government organizations believe that information security is viewed as a strategic policy and process initiative and not merely as a technology cost, the lack of budgets still appears to be the key barrier to ensuring information security in line with the regulatory pressures.”

The survey further reveals that the top security threat perceived by government organizations is employee error or accidental loss of sensitive information. More than 29% of EMEA government organizations considered human error or accidents to be the biggest threat to information security, followed closely with increased proliferation and sophistication of threats. As government organizations prepare to overcome these threats, a security initiative taken by the majority of organizations is protection against viruses.

“The growth of a digital society in the public sector poses security challenges around cloud computing and newer Web technologies. The study confirms that adoption of cloud by government organizations is going to be a slow and considered approach, but it’s important for public sector organizations to reevaluate their current security practices. Before adopting cloud services in the organization, it will be important for information officers to ask the hard questions: Which data is sensitive and critical and where does it reside? What are the policies for encryption and data quarantine? What current internal policies and access controls are in place to enable collaboration and email usage? How well equipped, funded and staffed is the internal IT security organization? Can it keep up with the ever increasing external threat sophistication?

“We would advise organizations to apply an enterprisewide information security architecture to security processes, people, and systems if they are to successfully operate new Web technologies and cloud services without a breach of security” concludes Jan Duffy.

The IDC Government Insights report, Information Security in the Public Sector: Avoiding the Risk of Non-Compliance and Political Embarrassment (Doc #GITD01T), covers the fundamental issues around the evolving role of the chief information security officer, government organizations’ commitment to information security, and core information technology security initiatives. Also addressed in the document are security risk concerns pertaining to transformational innovation (including the emergence of mobile devices, cloud computing, and the embrace of social networking) and how government organizations are dealing with the perennial threat of security. Finally, it gauges respondents’ expectations around changes in IT security budgets over the next 12 months.