Following my recent video message I thought I’d say a bit about the importance of a strong incident reporting culture – the need for everyone in an organisation to get why it is so important to log security incidents, no matter how small or seemingly trivial.
In the security world, a good reporting culture doesn’t get much airtime against big topics like cyber security. But I think it’s really important. In HMRC we have an excellent reporting culture, partly because of a particular incident a while back. If you work in an organisation like HMRC, you can just sense how valuable and sensitive customer information is, and the need to protect it runs deep. And on the front page of our intranet is an easy link to report any security incidents, from a lost pass or unlocked drawer to more serious breaches.
Only by collecting that information can we really understand what is going on in the organisation. My team do a brilliant job triaging to ensure we can get right onto incidents and deal with them quickly. But they also do lots of analysis to spot trends and opportunities for improvement. That’s resulted in a year-on-year reduction in incidents and improved the service we give customers.
We’ve done a few things to help keep that culture going: make it as easy as possible for people to report; don’t target reductions in the number of incidents, because that can drive under-reporting; reward self-reporting (within reason); and try to show how important the reports are to reducing incidents and improving customer service.
Add your comments below on the ways you drive your reporting culture – I’ll be really interested to know how you drive this important element of security.