A recent study has claimed there is a “chasm in perception” between IT decision-makers and cyber security experts.
The study, conducted by Sophos and Sapio Research, found that 55% of IT decision-makers in the public sector think that their organisation's data is less vulnerable than private sector data, despite the sensitive and confidential nature of the data that they access.
Over 780 UK-based IT professionals from the NHS, education and government took part, ranging in seniority from the C-suite to the frontline.
Jonathan Lee, UK director of Public Sector Relations at Sophos, said: “The kind of data held by public sector organisations could cause extensive harm if exposed to cyber attackers.
“Sensitive data for up to 66 million UK citizens could become available to the highest bidder on the dark web or among other criminal groups that buy and sell personally identifiable information (PII) like names, addresses, National Insurance numbers, tax returns, confidential medical records, passports, and more.
“Cybercriminals can then use this data for spear-phishing, identity theft, breaching networks, or extortion.”
The awareness gap was further evidenced by 76% of senior IT staff stating that a ransomware incident has affected their company’s data over the past year, whereas only 16% of IT specialists claimed knowledge of such an event.
Also, 38% of IT leaders said that there was an increase in data breaches, compared to just 8% among frontline staff.
“Our survey results show that there is a real chasm in perception about security issues between different IT-related roles across the UK public sector,” Lee added. “Whatever the reasons behind it, the end result could be that organisations misunderstand and therefore fail to adequately prepare for the actual level of risk faced by the organisation.
“Better communication across teams, more effective knowledge sharing and clearly defined processes are essential if we are to make the UK public sector as secure as it needs to be.
“This should be complemented by security solutions that provide clear and accurate data on the number of cyberthreats and attempted attacks.”