The Norwegian Business Security Council (NSR) has mapped the security situation of about 1.600 companies in the public and private sector. The dark figure survey offers an overview of updates in norwegian companies in relation to digital security, the knowledge and the prevention and the emergency preparation.
The dark figure surgey maps the situation IT in private and public companies. This year’s investigation is the twelfth on the digital security situation in companies and in some public companies.
This year, the surgery has been extended in order to describe digital security during the pandemic period of covid-19.
– The analysis reveals that the administrative management is wide involved when the company is exposed to a security accident. Anyway the council is less involved, affirms the director of the Data Inspectorate Veronica Jarnskjold Buer.
Buer, that at the same time has been included into the investigations on behalf of the Norwegian Data Protection Authority, affirms that the half of the accident managed has taken to changes in politics and during the company’s routine and, somewhat, an increase of the control on providers and consultants.
In addition, the analysis reveals that during the last year the 77% of the companies have carried out activities which give an increment of the awareness of employees. The internal lessons are the most common sensibilization activity.
GDPR, privacy and security.
With the legislation on personal data and the new ordinance on privacy (GDPR), new obligations were introduced for companies and rights for citizens. In the survey this year, it has been asked if the companies apply the changes in privacy and informations security at their work.
Redoubles the number of companies (84%) that afirm to have made changes and improvements to their profiles in privacy and on information security since the entrance in force of the legislation.
– It is gratifying to see that there is an increase in companies that have set up a management system for information security. This shows that the management of the company takes responsibility, says Buer.
47% of companies that have set up an information security management system say that accidents were regularly detected during safety monitoring. In addition, 10% reported security breaches of personal data during the past year. Of these, only 34% reported non-compliance with the Norwegian Data Protection Authority.
– These figures are surprisingly low as it is the duty of companies that process personal data to report security breaches of personal data to the Data Inspectorate, as well as breaches of confidentiality, integrity and accessibility. There can be many reasons why it is so. For example, a lack of knowledge of this duty, or if the violations are considered risk-free for the data subjects and that the obligation to report to the Data Inspectorate lapses, concludes Buer. SOURCE: AUTORITA’ PER LA PROTEZIONE DEI DATI DELLA NORVEGIA