Chicken or egg – security as motivator or confidence builder?
Author(s): Allen Koehn, Posted on December 23rd, 2010
Security is a basic human need. As individuals we all want it; as organisations we seek to build it; as nations we collectively strive for it. But do we need to feel at risk – or worse be a victim – before we take preventative steps? And how do businesses and governments get community support to embrace the security initiatives they have invested in?
The first step is to understand what issues shape people’s concepts of security.
So we asked them.
Through the Unisys Security Index™ we regularly ask people in different countries how they feel about a variety of security-related issues. The results are telling.
For one, the intensity of security concern that people feel varies greatly between country of residence. We see this even within the Asia Pacific region. Hong Kong residents recorded the second highest level of concern of the 11 countries surveyed – behind only Brazil, while New Zealanders were the second least concerned, above only the Netherlands. Australians were slap bang in the middle.
Why the difference? Why are Hong Kong residents so much more concerned about security than their regional neighbours? And why are Kiwis so relaxed? It would appear that awareness of, and attitude toward, security issues is driven by personal experience – not only as a victim, but also exposure to visible security measures.
Take Hong Kong for example, one of the early adopters of biometric security measures. Interestingly, between 2007 and 2008, the Unisys Security Index for Hong Kong recorded a marked decline in the overall level of willingness of people to use biometrics, which sets them apart from the other countries we survey where the levels of support are high and remain high.
In the most recent study, Hong Kong people reported the highest level of concern globally for financial and personal security issues. The high result for personal security was driven by high concern about two identity theft related issues: unauthorised access to, or misuse of, personal information and other people obtaining/using their credit card details.
We attribute this to a number of high-profile data breaches in Hong Kong where very sensitive personal information was lost or even sold, undermining the confidence and trust of consumers in organisations to keep their data safe.
This may well explain Hong Kong’s change in attitude toward biometric security measures – it’s not a fear of new technologies, or not appreciating the need for security measures, it is a matter of trust about data protection.
When asked about their willingness to use biometrics to verify their identity in different scenarios, Hong Kong people were supportive of using biometrics to access a bank account or health records but not to enrol in an education class or access public transport. This suggests the level of support varied depending on two key elements: how critical people felt it was to prove their identity to access a particular service, and what organisation they were dealing with.
However…while accessing bank accounts was the scenario that Hong Kong people most supported for using biometrics to prove identity, when asked about which organisations they would support using biometrics, banks recorded a much lower level of support in Hong Kong than in Australia and New Zealand.
So why the mismatch? Perhaps Hong Kong people would like to be able to access bank accounts by using biometrics to prove their identity, but they don’t yet trust bank organisations to secure their biometric data.
All of which brings us back to the fundamental of public confidence. People actually want to hear from business and government about how they are being kept secure – both to motivate them to do more, as well as to reassure that what is being done is protecting them.
This tells me that we – as governments and as businesses – need to do a couple of things.
First, we need to find new ways to talk about security – continuing to build community confidence and trust through a degree of transparency (where we can be transparent) and dialogue (where we cannot).
Next, we need to continue to test the assumptions we may make about the level of community support for what we might choose to invest in. I mean no disrespect to privacy advocates (because privacy protection plays a fundamental and critical role in our social fabric), but in today’s security landscape we must not to let the views of a vocal few be portrayed as the attitudes of the many.