Minister for the Cabinet Office, Francis Maude, has urged businesses to make IT security a boardroom issue. The minister warned that security was no longer an issue for IT departments alone.
Is it still the case that modern-day businesses need encouragement to make IT security a top priority? Is data protection legislation in itself failing to impress upon organisations the need to adopt a more business-orientated approach to IT security investment and management?
Perhaps many can be forgiven for thinking that IT security in this modern age is not being addressed properly within the business community, especially given recent high-profile issues experienced by some of the top technology providers in the world. If well-known technology powerhouses are unable to implement security measures to prohibit cyber attacks on their business, then concern about what hope there is for the rest of the business world is possibly well founded.
It is possible however that a somewhat skewed perspective on matters concerning IT security is created by the penchant for only bad news to be reported in the more popular periodicals and on-line news services. With a little digging around it is possible to find some more positive news.
Investment in IT Security is improving
According to a recent news and update bulletin posted on the ISO/IEC 27001, adoption rates of this international standard on IT security continue on an upward trend, albeit to varying degrees in different countries around the world.
Here in the UK the trend is very positive, especially in comparison to that of our fellow members in the EU. According to the executive summary of The ISO Survey of Management System Standard Certifications – 2013, the status of ISO/IEC 27001, which gives the requirements for information security management systems, was:
At the end of December 2013, at least 22 293 ISO/IEC 27001 certificates, a growth of 14 % (+2 673), had been issued in 105 countries and economies, two more than in the previous year.
The top three countries for the total number of certificates issued were Japan, India and the United Kingdom, while the top three for growth in the number of certificates in 2013 were Italy, India and the UK.
It is likely that, in part, this growth is being driven by the emergence of new computing models, in particular the transition to Cloud and outsourcing. However, any increase in the application of recognised standards during what have been extremely taxing economic times must be something to be welcomed.
A More Positive Picture
So with due respect to the very challenging economic times that we here in the UK are still yet to fully materialise, the news that in the last two years UK business investment in ISO-accredited IT security standards has continued to increase, sufficient to maintain a UK top three ranking, is very positive news indeed.
It should be pointed out that the difference in the number of 27001 certificates awarded between the top-ranking country, Japan (7084), and India (1931) and the UK (1923) is quite significant, with Japanese businesses achieving more than twice that of the UK and India together in 2013.
So even whilst the UK is doing better than most, perhaps the answer to the questions posed above is “yes” and on both counts?
What else do you think could and should be done to increase focus and investment on improving the state of IT security where this is needed?