Security is far more than a mere IT issue. It’s a reputational issue and, for government agencies, it’s at the heart of their relationship with the citizens they serve and protect. Connected government and other cross-agency initiatives put new pressures on public sector CIOs, particularly when these initiatives go hand in hand with IT modernisation and digital transformation efforts.
The combination of digital transformation and government data sharing increases the risk of compound security breaches, where multiple sets of data are compromised or where new threats arise from unforeseen quarters. Unisys research has found that 59% of U.S. Federal IT executives claim that IT modernisation efforts have increased the list of IT security challenges they face.
Preventing data breaches is high on that list, and rightly so. According to the 2019 Unisys Security Index™, citizens across Asia Pacific say their top security concern is unauthorised access to or misuse of their personal data.
% of population concerned about these issues:
|Identity theft 57%
Bankcard fraud 56%
Identity theft 49%
|Identity theft 90%
Natural disaster 89%
|Bankcard fraud 88%
Identity theft 87%
*% of Kiwis concerned about war/terrorism jumped 29% to 51% after the Christchurch attacks.
As government moves towards digital transformation it needs to revise its approach to security, particularly in relation to cross agency initiatives.
Just how seriously it takes into account citizens’ privacy concerns will have a major impact on the success of those initiatives.
Sharing data elevates risk and concern
Across the region, citizens’ concerns are elevated when data is shared between government agencies, as was highlighted in the 2018 Unisys Connected Government research. Of the 5,000 people surveyed in Asia Pacific, just 41% fully supported their personal data being shared to enable government to deliver more targeted programmes and services, the same number as fully supported personal data being shared so that they would not have to repeat providing the same information to different agencies.
The reasons why some people did not want their data to be shared across agencies included:
This suggests convenience, which often drives citizen preferences on such matters, is not, by itself, a sufficient motivational factor.
Data sharing accepted, but concerns remain
That said, there is strong support from the public — 65% or higher across Australia, Malaysia, New Zealand and the Philippines (2019 Unisys Security Index™) — for police to share information with other agencies to help them solve crimes, foil attacks at events or enable early intervention to prevent child or spousal abuse. This preference is similar in the U.S.: a survey of nearly 2,000 U.S. citizens living in eight states found that 77% accepted that their data was being shared between government agenciesi.
Despite the broad acceptance of agencies sharing data, many respondents registered concern about how these agencies actually protect their data and privacy. Common concerns include a lack of clarity about how the government would use the data (69%), infringement on privacy (68%), lack of protection from security breaches, even if accidental (66%), an external cyberattack (65%) and access to their data by unauthorized government officials (63%). Of citizens who expressed concern about data sharing, more than half (53%) said they do not trust the government.
Balancing security and customer experience
The secure digital transformation of government services can both alleviate concerns and improve citizen satisfaction, but only if the competing needs – security and convenience – are met in the right order. The Philippine Statistics Authority found that by digitising its services and incorporating Unisys Stealth to keep information secure, enabling the wait time for requested documents such as birth certificates to be dramatically reduced, increased citizen satisfaction ratings from approximately 20% to more than 80%.
Government agencies need to get the balance right between making services user-friendly and having adequate safeguards. Moreover, securing citizens’ personal information is no longer solely the responsibility of a single agency. There is now a requirement to secure both the citizen-facing digital service and the multiple back-end agency systems required to deliver them.
Wanted: a holistic approach to security
Lack of trust combined with increased and more complex risks suggests that government needs to re-think its approach to managing security. Yet government tenders often specify security and data privacy as non-functional requirements.
Unisys believes that, rather than being treated as a separate component of the design, and the responsibility of the CISO, the Privacy Officer and Security Architects, security and privacy must be built into all aspects of the end-to-end service and thus be the responsibility of everyone involved.
Privacy and security measures must be pervasive and internalised, not established on the perimeter.
For more information on Unisys security offerings visit www.unisys.com/security
The Unisys Security Index™
The Unisys Security Index, the only recurring snapshot of security concerns conducted globally, gauges the attitudes of consumers on a wide range of security-related issues.
In 2019, Unisys surveyed more than 13,500 consumers in 13 countries to generate the data for this report. Results show that security concerns globally among individuals have reached an all-time high in 2019 since the survey was first conducted in 2007.
In Asia Pacific, Unisys surveyed more than 4000 citizens in Australia, New Zealand, the Philippines and Malaysia.