Measuring the impact of government cyber security initiatives on enterprise

New research released today reveals that 45% of IT professionals feel government initiatives like CERT-UK and Operation Waking Shark II have actively helped them raise awareness of cybersecurity to senior management.

The research, conducted by cybersecurity service provider SecureData and Vanson Bourne, investigated the impact government security initiatives had on end-user organisations in 2014, with nearly half (47%) reporting that initiatives have helped them communicate the importance of security across their organisation.

Over a third (39%) of participants also stated that they had used the insights from such initiatives to define IT security standards and policies, with a quarter (24%) using information garnered from them to set security strategies.

> See also: How spies and the secret service are joining the cybercrime fight

But despite this obvious degree of influence, not all IT professionals feel government initiatives have had such a positive influence – nearly a quarter (23%) said that these initiatives have gone largely unnoticed within their organisation, with 34% also divulging that they haven’t used the insights of CERT-UK in any way.

35% still see professional bodies like IISC or ISC2 as their primary source for security insights as opposed to only 13% who have sought information from the likes of CERT-UK, while a quarter (25%) rely on input from vendors/service providers. Meanwhile, only 26% of IT pros said initiatives had directly encouraged individual employees to consider IT security more closely.

Smaller organisations also saw a reduced impact from security initiatives. While fewer than a fifth (18%) of organisations with over 3,000 employees saw government initiatives go unnoticed, this was true for almost a third (28%) of smaller firms.

‘While government initiatives have clearly had a positive impact on IT security over all, there’s still some way to go. Although initiatives clearly grab c-level attention in major enterprises, they are far less effective at raising awareness in smaller organisations or amongst individual employees,’ said Alan Carter, cloud services director at SecureData. ‘If we want security insights to resonate outside the boardroom, we need to look beyond government programmes.’

Retail falling behind

Despite recent high-profile breaches in retailers like Target, the Retail sector is also seeing the fewest benefits from government security initiatives. A third (32%) of Retail IT pros said initiatives had gone largely unnoticed, while 44% had not used the results in any way and only 4% saw them as an important source of security insights.

Carter continues: ‘We need to ask if one-off stress-testing exercises are the best approach to raising security awareness. By placing the emphasis on responding to attacks, initiatives struggle to convey the need for a complete approach to the security spectrum. Without insights into how to assess risks, detect threats and protect assets before an attack, these exercises become more a measure of the industry’s pulse than a source of valuable strategic advice.’

Avatar photo

Ben Rossi

Ben was Vitesse Media's editorial director, leading content creation and editorial strategy across all Vitesse products, including its market-leading B2B and consumer magazines, websites, research and...