UK security found wanting
UK business lags behind US on approach to data protection, says survey
UK firms lag behind their US counterparts on IT security and data protection issues because of regulatory confusion and lack of awareness, say business groups.
Twice as many European businesses expect a major data loss in the next 12 months – 22 per cent, compared with 10 per cent in the US – according to a global survey by security supplier Symantec. And only 11 per cent rate corporate governance as critical, compared with 28 per cent of US firms.
UK business leaders say clearer legal requirements would redress the balance, pushing security issues onto boardroom agendas.
The UK would benefit from some elements of the US approach, says John Meakin, information security director at Standard Chartered Bank.
‘We would have a better understanding of the required security controls, and their cost, if we had a regulated framework such as the US,’ he said.
Corporate governance issues are handled differently under UK and US law. In the US, legislation specifies in detail exactly what firms must do, whereas in the UK regulations are at the level of principle, leaving more flexibility in how businesses comply.
We can learn from the US example without losing the benefits of our existing system, says Jim Norton, senior policy adviser at business group the Institute of Directors. ‘I prefer the UK principles-based approach, but the visibility of legislation such as the Data Protection Act at board level is very low,’ he said.
Compliance is not the only thing slipping through the gaps, says Norton. Enforcement levels are also low.
‘US firms will take more aggressive precautions regarding security because the consequences are more serious,’ he said.
‘For example, our data protection laws are adequate but the Information Commissioner has not been strict in enforcing them.’
But UK corporate governance models have the advantage of age, says David Roberts, chief executive of blue-chip user group The Corporate IT Forum.
‘The UK is at least as security conscious. And the processes are more rigorous, having been in place for 25 years,’ he said.