Advances in technology, the globalisation of the economy and the inter-connectivity of businesses have enabled organisations to process more and more information and to share information a lot easier than before. The way that information is being collected, stored, sold, shared and re-bundled is profound. This has obvious benefits, but it also gives rise to equally obvious risks that such information will be stolen, lost, or accessed, used or disclosed without authority. The endless number of high profile security breaches in New Zealand and abroad have brought attention to these risks.

Communications Minister Amy Adams’ comments that businesses need to up their game should be taken seriously. High profile security incidents have highlighted that information security is not just an IT issue, or something to be left with the “techies” – information security is a real business issue, a branding issue and a reputational issue.

Effective security does not start and end with physical and technical solutions. If people in an organisation are not exhibiting care in the way they handle information or use their IT systems, organisations face an uphill battle; there will still be a point where physical and technical security measures are undermined by a basic lack of care, professionalism or respect.

Therefore, protecting an organisation’s information and IT systems is everyone’s responsibility. An organisation should aim to build a culture of security and awareness within it. For example, everyone within an organisation needs to be aware about the organisation’s IT systems and security, and privacy policies – if these policies aren’t in place it’s time to put some in place. What’s also needed is leadership, accountability, and an organisational culture surrounding the treatment of information and IT systems. These are equally integral aspects of ensuring security and privacy compliance within an organisation.