The growing uncertainty across the public sector workforce attracts a number of risks and opportunities around staff behaviour. Public sector leaders need to seize the moment in managing this challenge to help create a stronger and more efficient risk culture with wide ranging benefits.
The "insider threat" will rise considerably as the public sector workforce is cut, as is widely expected, by half a million people by 2014/15. Such behaviours, whether or not intentional, threaten information security, reputation and business continuity.
Major risks include:
• Damage to or theft of key assets and critical equipment.
• Mass deletion/corruption of files and records,
• Exposure or leakage of sensitive corporate information
Exposure to information risk and security is increased by inefficient archaic processes and low staff morale and motivation. Organisations who focus on improving both process efficiency and risk culture through the active involvement and engagement of staff will drive a multitude of benefits including reducing the success of insider and cyber attacks.
All staff should be actively encouraged by leaders to spot and implement opportunities to improve processes, controls and technology, creating a stronger sense of loyalty and risk culture as well as improvements to the organisation's overall effectiveness and efficiency in delivering public service.
Public sector managers need to focus on improving staff motivation and morale and undertaking efficiency reviews of processes. In the short term controls are required to monitor and track where key data assets are stored in order to ensure the risk of loss, leakage or corruption is reduced.
James Nunn-Price is an associate partner in Deloitte's UK security practice
This was first published in October 2010