Fewer than half of UK organisations have instigated staff awareness
campaigns to help to improve computer security in business.
According to a survey of Computer Weekly's Infosecurity User Group
members, IT departments have failed to push security up the
business agenda through awareness campaigns.
Fewer than half (46%) of the user group member companies have
implemented a security awareness campaign, and of those only 32%
considered that their campaigns were successful. The main reasons
for failure were lack of management support, staff apathy, and lack
of budget. Yet members confirmed that nearly all their campaigns
are set to continue.
Infosecurity User Group chairman Martin Smith said, "Awareness can
be considered as the oil that lubricates the security machine.
Without the active support of the workforce, all security plans are
doomed to failure.
"The vast majority of personnel are happy to follow the rules,
provided they understand why. Yet this straightforward and
inexpensive weapon in our armoury is too often ignored or done on
the cheap," he added.