Daily Dose of Data 10: Many businesses lack a formal policy for managing ICT security risks

We will present a statistic from the Digital Economy Outlook 2017 every day (until we run out!) on The Forum Network.

Like Comment

Organisations, and in particular small and medium-sized enterprises, are lagging behind in implementing digital security risk management practices

Organisations are increasingly adopting a risk-based approach to security. However, the share of organisations with effective risk management approaches to security still remains much too low. The proportion of businesses that have a formal digital security plan also varies widely across countries and by firm size. Results from the Eurostat Community Survey on ICT usage and e-commerce in enterprises indicate that SMEs were less likely to have a formally defined ICT security policy across all reporting EU countries in 2015. In almost all countries, the differential between SMEs and large enterprises was approximately 30 percentage points. Across the surveys that asked respondents about the biggest obstacles to more effective digital risk management practices, the highest rated obstacle was consistently related to insufficient budget. A lack of qualified personnel also figured prominently. 

OECD Digital Economy Outlook 2017

Data source

Statlink: http://dx.doi.org/10.1787/888933586711

OECD work on information security and privacy