Who owns data security? Report highlights business confusion amid rising cyber threats

More executives state responsibility for data security should reside outside of IT

25 January 2016 – Many UK businesses are confused about who should manage data security procedures, leaving them at risk from escalating cyber-attacks. This is according to a report, ‘The Data Security and Risk Management Review’, sponsored by leading managed service provider Advanced 365.

Cyber criminals are constantly exploiting businesses’ vulnerabilities around storing data in multiple locations as more devices become connected to the internet. This has created a widening knowledge gap between IT professionals and employees as organisations struggle to keep pace with new and evolving threats. As a result, senior executives have become increasingly concerned as to who they should entrust with driving their security strategies.

In the report’s survey of 300 UK IT decision makers, 49% stated the definitive authority for data security should reside outside of CIOs and the IT department. 75% of those surveyed said data owners should assume responsibility for data which belongs to a business. 71% argued security is a wider issue than just data and 56% believed it should fall under the remit of other departments, such as compliance.

In contrast, 41% felt that IT should keep hold of the reins due to having ‘experience of dealing with security issues’ and 10% were unsure whether security should sit within or outside IT.

Neil Cross, Managing Director of Advanced 365, comments, “Highly publicised data breaches involving large enterprises have catapulted security to the top of the corporate agenda. While it is reassuring that board members are now taking greater interest, this has clearly created a difference of opinion as to who should lead on addressing security issues, which could leave businesses even more exposed.”

Organisations must also review existing controls around storing and accessing data ahead of imminent changes to EU General Data Protection Regulation (GDPR) legislation to avoid significant fines in the event of a breach. Under new EU laws, any organisation which is tasked with managing and securing third-party access to data has a legal obligation to ensure it is secure. Those who fail to do so could face fines of up to 5% of their turnover.

Cross adds, “To reduce the risk of a potentially damaging breach, businesses must define who is responsible for each specific area of security. This includes ensuring robust governance frameworks are in place for managing and safeguarding third-party access to their data to avoid significant fines under imminent GDPR compliance requirements.

“The new legislation will also have major implications for the providers of hosted and cloud services. Businesses must think carefully before choosing a trusted and experienced partner and pay particular attention as to the location of where their data will be stored.

“In response to this threat we have worked with our customers to create a service to help them understand the risks within their business. This is very definitely a product we are increasingly being asked to deliver.”

Advanced’s Secure IT Health Check service assists businesses in addressing and managing their security challenges. The health check analyses six key areas in a business: identity management, security awareness, end-point management, malware threats, configuration and compliance, and vulnerability management.

The output from the service is a report and action plan that the board can review and follow to ensure that businesses can harden their defences against what the World Wide Web may throw at them.

To read the Computing report, ‘The Data Security and Risk Management Review 2015’, click here.


Notes to Editor

About Advanced 365

Advanced 365 is a leading provider of IT managed services and business innovation solutions. Working with organisations within the private, public and charity sectors, Advanced 365 aligns technology to its clients’ business needs in order to improve their operational efficiencies, help control costs, enhance productivity and enable growth.

Core offerings include:
• Managed services focusing on the delivery of IT services including: outsourcing, cloud computing, application development and support, and unified communications.
• Business innovations to make legacy systems relevant to today’s business environment. Advanced 365 provides a CIO advisory service which supports the deployment of technologies including modernisation, legacy system migration, application development, applications support and data cleansing.

Advanced 365 is a Microsoft Gold Competency Partner and works closely with other industry leading vendors and developers including Red Hat, Gamma Telecom, IBM and Oracle.

Advanced 365 is a division of Advanced Computer Software Group Limited, a leading supplier of software and IT services to the health, care and business services sectors. In 2014, the Group won Tech Company of the Year in PwC’s UK Tech Awards. Advanced was also ranked in the Deloitte UK Fast 50, which recognises the 50 fastest growing technology companies in the UK and ranked in the top 300 technology companies in Deloitte’s EMEA rankings.


Press contact
Angela Mycock and Ben Carey, Advanced Computer Software Group
pr@advancedcomputersoftware.com T: +44 (0)1625 856513