Monday, 24 June 2013
UK Government to Spend £4M on Cyber Security Awareness
We start off this week's data centre news with a story out of the Home Office. Last week the government department announced a plan to spend £4 million on programs to raise awareness about cyber security issues. The money will be spent primarily on an education and marketing campaigns designed to grab the attention of small business owners.
Not surprisingly, industry experts lauded the move. One after another spoke about the need to educate business owners as well as the ongoing contributions necessary from government. Many industry experts echoed the belief that although £4 million is but a drop in the ocean, it's enough to get the process started.
No specific details of the program have been released except to say that the Home Office will be soliciting bids initially from PR, media, and creative enterprises. Why that particular sector was chosen is unclear. It could be because it is closely tied to information technology and would therefore stand to benefit from increased cyber security measures.
The program will be launched this autumn, according to news reports. The Home Office has indicated that the marketing and educational programs will be the result of combined efforts between the government and some of its private sector partners. Who those partners are, and what they will contribute, remains to be seen.
In all likelihood, the initial investment will go almost entirely to marketing and basic education through the publication of appropriate literature. Hands-on training or classroom-style participation is highly unlikely. Therein may lie the one red flag attached to the program.
Despite the enthusiasm surrounding the project, those of us in the IT sector should not get too excited too quickly. We must ask the question of whether government marketing will be enough or not. Obviously, it will not be enough to completely solve the cyber security issue. But will it even be enough to make a significant dent in the problem?
It's not as though business owners are not aware of cybercrime and its related issues. We all live with it on a day-to-day basis. So, if that's the case, why aren't small businesses doing more to secure their computer systems now?
Perhaps it is a matter of ignorance – ignorance that can be done away with through government education and marketing. However, perhaps it's something more. Could it be that small businesses simply do not have the money to beef up cyber security? Could it be that many business owners consider the expense of cyber security unnecessary overkill?
If the government initiative is to be fruitful, these questions need to be asked – and answered. We know that, historically, simply throwing money at a problem does not fix anything. It is no different in this case. It is fine to raise awareness of cyber security issues among small business owners. Nevertheless, the additional step of finding out what it will take for them to implement security measures must also be part of the equation.