The recent confidential document breaches by UK Government officials have prompted observers such as Dame Pauline Neville-Jones to suggest that there is a “culture of carelessness”. Is this true? And what can be done?
Certainly it would appear that standards of security behaviour have been slipping. It’s unlikely that today’s breaches would not have happened in the past. People handling highly classified material took security very seriously during the cold war.
Things have changed since then. The threat is different today. Civil servants are unlikely to feel they are being watched or tailed by hostile intelligence services. The perceived impact of disclosure is much less than it used to be. And information today is circulated in a much more open way.
Such changes in context act as subtle but powerful cues for the behaviour of staff. We need to introduce new rules, responses and motivators to alter their perception. Security culture can be changed. But only by visible acts, not by demands, policy or wishful thinking.