APAC govts not proactive in securing data

One fifth of public agencies in Asia-Pacific adopt wait-and-see approach in information security and many remain ill-prepared against rising threats, finds IDC survey.
Written by Tyler Thia, Contributor

One fifth of public sector agencies in the Asia-Pacific region, excluding Japan, are choosing to freeze investment in information security or not secure certain public information in order to meet IT budgets, according to an IDC survey released Friday.

Conducted between December and January this year, the study polled 39 respondents from various public agencies, of which 17.8 percent said their IT departments halted investment in IT security or did not secure public data.

"It appears that awareness of appropriate security policies and best practices are poor among governments in Asia-Pacific," Frank Levering, research manager for IDC's Government Insights, said in the report. "Where policies and strategies are in place, the gap between best intentions and operational execution is frequently large."

The analyst also observed that despite rising threats from employees' personal mobile devices connecting to government networks, many agencies still did not seem to have the tools necessary for basic monitoring of security events, frequency, nature or source.

Levering said: "Employees follow trends feverishly and these individuals mix corporate and personal information, unhindered by the much-needed restrictions."

IDC called for governments in the region to adopt a strategic approach to securing information, rather than just reacting to external factors. It observed that there were very few regulatory requirements in the region related to reporting security breaches.

While regulatory requirements, at 59 percent, remained the top driver of investment justification in information security, liability and exposure only accounted for 12.8 percent in terms of importance. Client requirements made up 28.2 percent, according to the IDC report.

Levering reiterated that a proactive approach to data protection will ensure "threats or risks do not find opportunities to manifest in an organization".

Editorial standards