EU guide to raise IT security awareness

EU body Enisa says firms need to do more to safeguard IT

The European Union’s European Network and Information Security Agency (Enisa) has released a new guide to help member states encourage corporates to invest more time and resources in security.

“A Users’ Guide: How to Raise Information Security Awareness” focuses on three main topics: effective communication planning; implementing a change management approach; and evaluating awareness programmes.

"There are a good number of member states lagging behind [in their approach to information security]," said Andrea Pirotti, executive director of Enisa. "We believe time is running out and it is time for European business to wake up."

Pirotti added that although UK organisations are some of the most advanced in Europe in terms of their IT security, the average large business suffers security incidents costing up to €193,000 [£130,000] per year, yet spends only four to five percent of its IT budget on security.

The guide also includes a sample strategy on how to plan, organise and run an awareness-raising initiative and make sure it runs smoothly, said Enisa.

"When I came on board about a year ago several member states were eagerly expecting some [guidance] concerning awareness-raising so I believe it [will be well received]," said Pirotti.