UK public sector IT chiefs shrug off breach threats: The data we hold isn't that important
Are you for real? splutters surveyor Sophos
Half of UK public sector IT chiefs think the data they're responsible for protecting is less valuable than private sector information, according to a survey by antivirus firm Sophos.
Just over 50 per cent of 420 senior managers quizzed by Sophos agreed with the statement: "The data held by my organisation is less valuable than data in a private sector organisation."
Sophos opined that this "could result in the under-protection of digital data, and sits at odds with the fact that IT leaders consistently rate their organisation's threat level and risk as higher and wider than those dealing with everyday IT issues".
Those surveyed included C-suite bods right down to frontline IT teams "in the NHS, education and government sectors", according to Sophos.
Spelling out why this belief that public sector data is less valuable than everyone else's data is really quite dangerous, Jonathan Lee, Sophos's UK public sector relations director, went through it step by step.
He said: "Sensitive data for up to 66 million UK citizens could become available to the highest bidder on the dark web or among other criminal groups that buy and sell personally identifiable information (PII) like names, addresses, National Insurance numbers, tax returns, confidential medical records, passport details, and more," adding: "Cybercriminals can then use this data for spear-phishing, identity theft, breaching networks, or extortion."
Two-thirds of senior IT folk said they had had problems with ransomware during the preceding year, while just 16 per cent of IT bods were incautious enough to make the same confession. Perhaps reflecting the state of media reporting on security, 45 per cent of execs reckoned there had been a "large increase" in "IT security incidents", compared to an impressive 4 per cent of frontline techies.
Mildly worryingly, a fifth of non-managers responding to the survey said they didn't know whether their organisation had a predefined process in place to deal with ransomware incidents, with a similar number saying there was no plan to deal with ransomware in their corner of the public sector IT estate. One in 10 middle managers thought their organisation had no ransomware plan at all, while 95 per cent of top execs thought there was one.
On a lighter note, of the 784 people surveyed by Sophos, 39 per cent of senior execs thought the biggest cause for concern over IT security was the rise of remote and flexible working – while coalface IT bods thought malware was their biggest worry. Among the issues cited, middle managers were torn between (a lack of) employee skills and targeted ransomware attacks. ®