8.3. Skills for managing digital security risks and privacy
The ability of organisations and people to manage digital security risk and privacy is key to fostering trust in online environments. From a business perspective, management of digital security risk needs to be integrated across the entire business process in order to be effective. It may be undertaken internally by employees or outsourced depending on the business strategy and the availability of resources, including skills present in the workforce. From an individual perspective, awareness of security and privacy threats and the competencies to prevent and respond to them are crucial for prospering in the digital society.
In 2017, ICT security and data protection functions were performed mainly by own employees in about 22% of enterprises in EU28 countries. Differences according to firm size are notable. Given the composition of the business population in most economies, this is driven mostly by the behaviour of smaller firms. Large firms are considerably more likely to perform such functions internally (57% on average) as compared to small ones (19%). In countries such as Slovenia, Austria, Latvia and Poland, the share of large firms with own employees in charge of ICT security and data protection was above 65% of all large firms.
With the almost universal uptake of digital technologies, such as smartphones, digital security and privacy skills are playing an increasingly important role in individuals’ daily lives. New evidence from the European Community Survey of ICT Usage in Households and by Individuals suggests that about 60% of smartphone users in the EU28 have restricted or refused access to their personal data at least once when using or installing an app, in contrast to 28% who have never done so. The share of those who were unaware of the existence of such functionalities was rather low (7% on average) indicating strong overall awareness of digital security and privacy threats related to smartphone use.
Training allows individuals to heighten their awareness while gaining more up-to-date digital security and privacy skills in a context of fast technological change. In the EU28, about 20% of individuals who carried out a learning activity related to the use of computers in 2018 received training on IT security or privacy management. The propensity to learn about these topics was greater among highly skilled individuals in most of the countries with available data, especially in Austria, Finland, Ireland and Hungary.
These variables from ICT usage surveys allow for the computation of internationally comparable statistics, which shed light on the availability of digital security and privacy skills across countries and link them to other usage metrics both for firms and individuals.
In 2018, only 7% of smartphone users in the EU28 did not know it was possible to restrict or refuse access to their personal data when using or installing an app.
Definitions
ICT security and data protection tasks include security testing and developing or maintaining a security software.
Business size classes are defined as small (from 10 to 49 persons employed) and large (250 and more).
Personal data restriction when using or installing an app on a smartphone relates to information such as the location or contact list.
Measurability
Official information on digital security skills can be collected from various sources including education (fields of education) or employment (occupation) statistics. However, such level of detail is not always available in an internationally comparable fashion. In this respect, it is possible to compute proxy indicators with information from business ICT usage surveys, for example, on different IT security activities performed by employees. Likewise, ICT usage surveys in households and by individuals provide valuable proxy metrics through questions related to online activities and security and privacy-related training.
Ideally, data on individuals’ digital skills should not be collected based on a given technology, as the pace of technological change is rather rapid and digital skills are increasingly device agnostic. However, depending on the policy needs, statistical agencies can introduce special modules focusing on the use of a particular technology. In this vein, the trust, security and privacy module of the 2018 European Community Survey on ICT Usage in Households and by Individuals has been administered for the first time with a focus on smartphones. New evidence shown here therefore focuses on individuals’ digital security and privacy skills when using or installing an app on a smartphone.
This module also collects information on the availability of a security software or service (e.g. antivirus, antispam or firewall) on individuals’ smartphones as well as their experience of loss of information, documents, pictures or other kind of data resulting from a virus or other hostile type of programs.