A recent report from the Department for Digital, Culture, Media & Sport claims 10% of the UK’s 350 largest firms do not have a response plan in place for a cyber security incident.

Considering the rhetoric which is constantly flowing around, bigging up security as a top priority for firms, this is a very worrying statistic. It shows what we all feared, and possibly knew deep down; cyber and network is not always a real concern for organizations.

Now it would be unfair to label the UK alone in this state of ignorance. We’ve almost positive the statistics would not be incredibly different for other countries, but this is the report we have for the moment. The UK will sit on the naughty step alone currently, however evidence of data breaches are not limited to these isles alone. This is a global issue.

Perhaps the issue here is the threat isn’t perceived as real. If someone walked into the office and stole a computer, that’s real. It’s a physical invasion of space and the removal of an item which has been paid for. But do executives actually consider data ‘real’?

Considering the way we, as members of the general public, absent-mindedly hand out personal information on a daily basis to watch video content or play a game on our smartphone, is it any wonder some individuals do not consider a data breach as a major threat. For the most part, people are offended by other companies using our data to make money, but we don’t give a second thought about giving it to them in the first place.

When we are using Facebook, or signing up to a new subscription, there is no real thought as to whether this is a sensible thing to do. This might be because we have not adapted to the digital economy. We still think about transactions as monetary; as long as we’re not paying for it, we happy to run with the short-term gratification. Let tomorrow-me worry about what is actually happening with that same personal information.

Until we are more responsible with the way we manage our own personal information, can we really criticize others for not realizing the importance of this information? It’s a change in mind set which is critical as we evolve into the digital economy. We clearly do not value data as highly as we think, so why should others?

Some people may think they are holier-than-thou, and they of course are stringent when it comes to controlling their personal information. They are the ones who can criticize these executives, but in truth, they will be exactly the same as the rest of us. If you can answer all the questions below with yes, then you have truly earnt the right to criticize:

If there is someone who can answer all of these questions with a yes, your correspondent would be very surprised they are reading this article. If this person does exist, a fair assumption would be that they do not have a computer or any form of device which can access the internet. If any of the answers to these questions are no, then you have handed over control of your personal information.

The main issue with cyber security is that is an abdication of responsibility. In organizations, in supply chains and in the general public. We are quick to blame an organization for losing our personal information, but then at the same time we have no idea how many organizations hold information about us. Your correspondent has no idea how many subscriptions he has signed up for over the years, or the number of apps downloaded on a whim, but most of the time personal information is exchanged to access the service.

With EU GDPR just around the corner, organizations will have to be much more vigilant when it comes to managing and protecting personal information. The punishments will be severe, and considering only 6% are confident they are ready right now, there could be a few fines flying around next year. But this could only compound the security problem; fines are assigning blame, not responsibility.

While the lack of responsibility is very obvious in the general public, the government isn’t too much better either. Perhaps one question we should be asking is why the responsibility for digital developments in the UK has been spread so thinly across so many departments? Or why something as critical as the digital economy has been assigned to the same department as culture, media and sport!? It’s not exactly sending the right message from top down.

Ultimately it is the individuals inside the organization who will make cyber security a reality, not the organization itself. And that starts with the general public. Until the man on the street protects his personal identity the same way bank accounts are protected, the free-flowing data breaches are going to continue.

We’re not defending this ignorance and negligence to cyber security which the report has uncovered, but we are saying the abdication of responsibility from the individual is a contributing factor. We need to evolve our mind set before we can evolve security.