Yes, you heard it here first! The new buzz word is digital society continuity management. What it is? Well, business continuity is the activity performed by an organization to ensure that critical business functions will be available to customers, suppliers, regulators, and other entities that must have access to those functions. Digital society continuity thus will be the activity performed by a government to ensure that critical digital functions will be available to citizens, government, businesses and other entities that must have access to those functions. What are critical digital functions? Think telecommunications, Internet, mobile networks, computing power, access to data. We are increasingly dependent on the 100% uptime of these functions. In the future – think smart grids, automated health care, the Internet of things – digital will be all pervasive. Failure of digital functions to perform up to standards could throw a nasty spanner into the well-oiled society wheels. For example, Gartner recently predicted that by 2015 a G20 nation’s critical infrastructure will be disrupted and damaged by online sabotage.
So, you will ask yourself, are we prepared? Well, we do not really know. For starters, no one is measuring government preparedness and awareness of cyber threats. Yes, there are EU institutions like Enisa and CERT bodies that are monitoring this, but there is no real ranking and benchmark available on how well one society performs against the other. Or if there is, it is not shown to the general public. We were therefore pleasantly surprised to see that Eurostat has recently published statistics that give some indications of how we perform in the EU (see figure below).
The data in the chart above comes from a recent study with the exciting title “ICT usage in enterprises 2010” and can be found here. We took two data points from this study. The X-axis represents the percentage of enterprises that have made staff aware of their obligations in ICT security related issues. The Y-axis represents the percentage of enterprises that had a formally defined ICT security policy with a plan of regular review.
The beauty of presenting the data in this way is that we can now rank societies according to the attitude of the business community regarding one of the aspects of digital society continuity. Bilderbeek consulting distinguishes four types of societies. The naïve society has a low awareness of digital society continuity and has no formal ICT security policy with regular review. The complacent society has a low awareness of digital society continuity but does have a formal ICT security policy with regular review. The vulnerable society has a high awareness of digital society continuity and has no formal ICT security policy with regular review. The armed society has a high awareness of digital society continuity and also has a formal ICT security policy with regular review.
How do we perform in Western Europe? The armed societies are Finland, Sweden, Norway, Denmark and Greece (have a look at the chart, I hope your knowledge of EU flags is up to date). There are no complacent societies, which is good. There are too many vulnerable societies, including Italy, Ireland, Portugal, Belgium, Spain, and Germany. There are four naïve societies, including UK, Austria, Netherlands, and France. The latter is obviously unacceptable and I would ask that if you live in one of these societies that you tweet, link, or mail this post to the powers that be to make them aware of the situation!
For those of you who are interested in how this chart was put together, please see the table below with the data from Eurostat. I plotted the X-axis from 20%-80% and the Y-axis from 20%-50%. If I would have been more strict and used a 0%-100% plot on both axes none of us in the EU would have even made it to the armed section. Go figure! One consolation is that the information and communications industries are the most aware and prepared. Eurostat gives data on all member states, but this would have made the chart to crowded.
Is your society (or business) prepared and aware? Let us know!