Study shows APEJ governments' 'wait-and-see' approach to information security

By eGov Innovation Editors | Jun 13, 2011

Thumbnail: 

SINGAPORE -- Despite the costly risks of data security breaches, 17.8 percent of public sector agencies in Asia-Pacific (excluding Japan) actively choose to freeze investments in information security or decide not to secure certain public information in order to meet their IT budgets, a new study released by IDC Government Insights showed. 

"It appears that awareness of appropriate security policies and best practices is poor among governments in APEJ. Where policies and strategies are in place, the gap between best intentions and operational execution is frequently large," said Frank Levering, Research Manager for IDC Government Insights.

The study further showed that half of the respondents are not proactive in preparing for the threats brought on by new technologies.

“Many public sector agencies appear to lack the tools or processes for basic monitoring of security events, their frequency, nature or source. This is despite the rising security threats brought about by employees connected to the governmental networks using their personal mobile devices,” Levering added.

To justify investments in information security, regulatory requirements (59 percent), client requirements (28.2 percent), and liability and exposure (12.8 percent) are the leading drivers for the public sector.

Another interesting observation is that there are very few regulatory requirements in the region for reporting security breaches.

"The APEJ public sector is primarily reacting to external factors that demand its efforts in the area of information security rather than adopting a strategic approach," the report said.

More insights are revealed in IDC Government Insights’ report entitled “Business Strategy: The State of Information Security in the Asia/Pacific (excluding Japan) Public Sector.”