Critical infrastructure firms failing to engage with governments

On the day that GCHQ director Iain Lobban warned of the continuing threat from cyber space, new Symantec research revealed that critical infrastructure organisations feel less prepared for attacks and are engaging less in the programs (CIPs) set up by governments to help prevent such attacks.

The security giant's Critical Infrastructure Protection Survey surveyed 3,475 organisations in 37 countries across 14 critical infrastructure industries including finance, telecoms, IT and manufacturing.

It found 36 per cent were "somewhat or completely aware" of their government's CIP this year compared to 55 per cent last year, while 37 per cent were engaged in such CIPs as opposed to 56 per cent in 2010.

More concerning still were findings that fewer organisations are willing to engage in CIPs (57 per cent versus 66 per cent last year). No wonder, then, that readiness levels fell by eight percentage points to just under two thirds this year.

So what can be done to increase awareness and engagement? Some of the blame must surely rest on the part of the governments themselves. Symantec recommended more partnerships with industry associations and private enterprise groups to help spread information and raise awareness of CIPs.

The good news is that despite the gloomy figures presented by the research, a majority of critical infrastructure firms still know about such programs and approve of them.

This year may have been a blip, of course.

One can't imagine that, with high profile cyber incidents publicised all the time and the increasingly frequent and urgent warnings coming from big name figures like GCHQ's Lobban, that such organisations will remain ignorant for long.

That said, according to David Blunkett, former home secretary and chairman of the not-for-profit International Cyber Security Protection Alliance, most organisations are blissfully unaware that anything is wrong with their security