This compares with 76% who thought that the public sector was not doing an adequate job securing personal data in the 2010 survey.
For this year’s study, nCircle surveyed 544 IT public and private IT personnel, including IT senior management, IT operations, security professionals, and risk and audit managers representing federal, state and local governments, financial services, health care and education.
At the same time, 80% of respondents believed that cybersecurity overall in the US has increased in the last year. This compares with 82% of respondents in 2010.
“Most people think that cybersecurity in the US has increased,” said Elizabeth Ireland, vice president of marketing for nCircle. “But this is balanced against the high percentage that think the public sector is not doing an adequate job keeping private information secure”, she told Infosecurity.
When asked their opinions about cybersecurity investment by the public and private sectors, most respondents thought neither side was doing enough. In 2011, 84% thought that the public sector was not investing enough, and 83% thought the private sector was not investing enough. This compares with 80% who thought the public sector was not investing enough in cybersecurity, and 78% who thought the private sector was not investing enough in 2010.
“Neither group is doing an adequate job, based on what the respondents think”, Ireland observed.
Only 24% of respondents thought their personal data was more secure today than two years ago. This compares with 27% of respondents who thought the same thing in 2010.
A full 63% of respondents thought the federal government should pass national data breach/privacy legislation that supersedes existing state legislation.
“The respondents are in the security industry, and I think that speaks to the level of complexity that is required by organizations if there are different state laws that all have a nuance to them. You can just imagine that creates a significant burden for any organization to know all the laws and do a good job of reporting”, Ireland said.
“There have been so many breaches that people aren’t even questioning any more whether legislation is needed”, she added. “There has been barely anyone who has not been touched in some way by a data breach. I think there is a lot of awareness about protecting personal information. There will be a lot of interest in that in the coming year and beyond.”
That prediction is certainly playing out in Congress, where national data breach notification legislation was introduced in both the House and Senate this week. This follows the release last month by the Obama administration of a cybersecurity legislative proposal that included a national data breach notification section.