85% of public lack confidence in their local authority's computer security, Sophos survey reveals

November 21, 2007 Sophos Press Release

85% of users believe that their local authority has probably already suffered an IT security breach
85% of users believe that their local authority has probably already suffered an IT security breach.

IT security and control firm, Sophos, has revealed that 85 percent of users of online government services believe that their local authority's IT systems have probably already suffered a security breach at the hands of cybercriminals. The survey, which polled 241 members of the public, also revealed that in such circumstances, 86 percent of users would hold the local authority itself responsible, rather than the hackers.

With HM Revenue and Customs (HMRC) yesterday admitting to losing sensitive information including addresses, date of birth, national insurance numbers and even bank details of about 25 million child benefit recipients in the UK, Sophos experts note that it is no surprise that user confidence in the security of Government services is low.

However, while 62 percent of the public believe that the private and public sectors are as bad each other when it comes to defending this personal data, almost a third of users believe the public sector does a worse job, compared to just 7 percent who stated that the private sector is at greater fault.

Sophos warns that while these figures may not be reflective of actual hacking incidents, central and local government organizations clearly need to brush up their image and ensure their security solutions are up to date in order to boost public confidence. The survey also revealed that 57 percent of the public do not believe that local authorities are doing enough to protect information stored on their network, with 93 percent stating that they do not know, but would like to know, what steps these organisations are taking to defend themselves against hackers.

Survey snapshot

Do you think the public sector is better or worse than the private sector for protecting personal data?

Public sector is worse
30.7%
Private sector is worse
7.1%
They're both as bad as each other
62.2%
They both do a great job
1.7%
If your personal data was compromised by a security breach to a local authority website, who would you hold responsible?

The hacker
23%
The local authority
86.2%
The government
19.7%
No-one, these things happen
2.1%

Sophos survey hosted on SurveyMonkey.com, 241 respondents, October 2007.

"One of the major challenges facing the public sector is that an increasing number of its services are going online for the public to use - great idea, but only if you have a proven security strategy in place that your users believe in. Granting open access without one could dent public confidence as well as put the network at risk," said Carole Theriault, senior security consultant at Sophos. "What's more, it's not just storing these details online which leaves them vulnerable to theft. Yesterday's revelation about the security breach at HMRC is a clear indication that the Government must do more to protect this information whether it's online on a CD, or wherever - after all, it is the general public's data at risk."

Sophos recommends that all organisations protect themselves with a consolidated solution which can control network access and defend against the threats of spam, hackers, spyware and viruses.

Disclaimer: Please bear in mind that this poll is not scientific and is provided for information purposes only. Sophos makes no guarantees about the accuracy of the results other than that they reflect the choices of the users who participated.