The main concern for a third of public sector companies is reputational damage to their organisation.

A survey of 277 people across 247 unique UK public sector organisations by Clearswift identified the top three concerns of public sector workers to be fears of reputational damage, financial consequences and compliance failure.

The respondents said that reputational damage was a concern for 31 per cent, financial consequences for 20 per cent and compliance issues for 18 per cent. Only two per cent of those surveyed consider accidental data loss to be a threat to national security.

Dr Guy Bunker, senior vice president of products at Clearswift, said: “It is no longer an option to assume that someone else is looking after your data. IT security policies must be created, shared and enforced by collaborative organisations to ensure not only better protection against data loss, but also a clearer understanding of responsibility and culpability.

 

“This research brings home the fact that now, more than ever, public sector organisations need to think about their information security on a strategic as well as a tactical level. Educating PSOs and raising awareness as to how to identify and protect their critical information must today be a real focus.”

The survey also found that 90 per cent of respondents rated information security as important when selecting business partners and third parties. When it comes to the managing of information exchange with external partners, 63 per cent of respondents regard this as a joint responsibility, yet only three per cent of organisations are worried about data loss via business partners. 

 

Although 85 per cent of respondents surveyed felt that their organisation managed security threats well, 38 per cent claimed that they did not have a strategy in relation to their outbound communication technologies.

 

Last year, Jonathan Armstrong, lawyer at Duane Morris LLP, said that the impact of monetary fines from the Information Commissioner's Office (ICO) should be passed on to those directly responsible for the breaches.

 

In response, the ICO said that the Data Protection Act states that it is the data controller that must ensure that any processing of personal data for which they are responsible complies with the act and that data controllers remain responsible for ensuring their processing complies with the act, whether they use the data in-house or employ a separate contractor as a data processor.