Research shows lack of spending on IT security

Next story

Are local authorities overlooking IT security as a requirement to stay protected?


Citrix recently conducted research into expenses by local authorities, obtaining the data by a Freedom of Information (FOI) request issued to 129 local authorities. Of the 109 that responded it was revealed that councils spend 8 times more on health & safety training than IT security courses.

Obviously health and safety training is an important factor, but it’s raising the question of why security hasn’t been taken up with more enthusiasm.

Over £1.2m has been dedicated to health & safety training this year, compared to the £104,711 on IT security and data protection courses.

However, the FOI also showed that data on over a third of council-issued devices could be vulnerable to cyberattacks due to lack of protection, or poor cyber security. Combining this with the lack of IT security training could see data breaches of civilian data.

Mark James, ESET IT Security Specialist, discusses why IT security is often overlooked and the consequences of this.

“Sadly investing in IT security usually falls quite low in the spending list for most local authorities. The consequences for failures in IT Security are significantly lower than other areas with no clear guidelines on what constitutes a failure.

“If you back that up with unsuccessful or fairly insignificant fines, then in most cases it’s easier to do something about it after it happens, than before.

IT Security requires knowledge and expertise in a field that changes so regularly, there’s no rulebook or defined danger areas as attacks could in theory come from anywhere.

Training staff in the possible dangers of lapsed security is just as hard. In most cases within this industry people’s daily workload gets increased, hours get reduced and within that staff are still required to be responsible themselves for security.

“Effective security needs to be multi-layered and enforced by every single person.

“The bad guys (or gals) only have to be successful once.

The bottom line is financially driven, effective IT security costs money, time and resources, it has to come from somewhere and with limited budgets choices need to be made often by non-technical people as where to best place it.”

Do you think that local authorities should be focusing more on IT security? Let us know on Twitter @ESETUK

Join the ESET UK LinkedIn Group and stay up to date with the blog. If you’re interested in seeing where ESET has been featured in the news then check out our ‘In the news’ section.