Security policy: risks addressed and staff awareness

  • Dimensions

    • Unit of measure
      • Percentage of enterprises
      • Percentage of enterprises with an ICT security policy
      • Percentage of enterprises with an ICT security policy (as of 2015)
      • Percentage of the enterprises which use a computer
    • Enterprise size and Nace Rev. 2
      • 10_SIEXT
      • 10_SIEXTX
      • 10_SIINT
      • 10_SIINTX
      • Accommodation (10 persons employed or more)
      • Administrative and support service activities (10 persons employed or more)
      • All enterprises (10 persons employed or more), without financial sector, which do not share electronically information with business partners
      • All enterprises (10 persons employed or more), without financial sector, which do not share electronically information within the enterprise
      • All enterprises (10 persons employed or more), without financial sector, which have internet access but do not use broadband
      • All enterprises (10 persons employed or more), without financial sector, which share electronically information with business partners
      • All enterprises (10 persons employed or more), without financial sector, which share electronically information within the enterprise
      • All enterprises (10 persons employed or more), without financial sector, which use broadband
      • All enterprises, without financial sector (10 persons employed or more)
      • All enterprises, without financial sector (10 persons employed or more) (for comparison with 2009)
      • Construction (10 persons employed or more)
      • Electricity, gas, steam, air conditioning and water supply (10 persons employed or more)
      • Financial and insurance activities (10 persons employed or more)
      • ICT sector (10 persons employed or more)
      • Information and communication (10 persons employed or more)
      • Large enterprises (250 persons employed or more), without financial sector
      • Manufacture of basic metals & fabricated metal products excluding machines & equipments (10 persons employed or more)
      • Manufacture of coke, refined petroleum, chemical & basic pharmaceutical products, rubber & plastics, other non-metallic mineral products (10 persons employed or more)
      • Manufacture of computers, electric & optical products, electrical equipment, machinery & equipment n.e.c, motor vehicles, other transport equipment, furniture, other manufacturing, repair & installation of machinery & equipment (10 persons employed or more)
      • Manufacture of products based on: food, beverages, tobacco, textile, leather, wood, pulp and paper; publishing and printing (10 persons employed or more)
      • Manufacturing (10 persons employed or more)
      • Medium enterprises (50-249 persons employed), without financial sector
      • Micro enterprises (1-4 persons employed), without financial sector
      • Mini enterprises (5-9 persons employed), without financial sector
      • Professional, scientific and technical activities (10 persons employed or more)
      • Real estate activities (10 persons employed or more)
      • Retail trade, except of motor vehicles and motorcycles (10 persons employed or more)
      • Small enterprises (10-49 persons employed), without financial sector
      • SMEs (10-249 persons employed), without financial sector
      • Transportation and storage (10 persons employed or more)
      • Very small enterprises (1-9 persons employed), without financial sector
      • Wholesale and retail trade; repair of motor vehicles and motorcycles (10 persons employed or more)
    • Information society indicator
      • Enterprises had a formally defined ICT security policy (as of 2015)
      • Enterprises had a formally defined ICT security policy with a plan of regular review
      • Enterprises have made staff aware of their obligations in ICT security related issues
      • Enterprises have made staff aware of their obligations in ICT security related issues through compulsory training or presentations
      • Enterprises have made staff aware of their obligations in ICT security related issues through contract, e.g. contract of employment
      • Enterprises have made staff aware of their obligations in ICT security related issues through voluntary training or generally available information (on the Intranet, news letters or paper documents)
      • Enterprises have not made staff aware of their obligations in ICT security related issues
      • The enterprise's ICT security policy was defined or most recently reviewed more than 12 months and up to 24 months ago
      • The enterprise's ICT security policy was defined or most recently reviewed more than 24 months ago
      • The enterprise's ICT security policy was defined or most recently reviewed within the last 12 months
      • The enterprise's ICT security policy was defined or most recently reviewed within the last 24 months
      • The ICT security policy addressed the risks of destruction or corruption of data, disclosure of confidential data and unavailability of ICT services due to an attack or an accident
      • The ICT security policy addressed the risks of destruction or corruption of data, disclosure of confidential data and unavailability of ICT services due to an attack or an accident
      • The ICT security policy addressed the risks of destruction or corruption of data due to an attack or by unexpected incident
      • The ICT security policy addressed the risks of disclosure of confidential data due to intrusion, pharming, phishing attacks or by accident
      • The ICT security policy addressed the risks of unavailability of ICT services due to an attack from outside (e.g. Denial of Service attack)
    • Geopolitical entity (reporting)
      • Austria
      • Belgium
      • Bulgaria
      • Croatia
      • Cyprus
      • Czech Republic
      • Denmark
      • Estonia
      • Euro area (EA11-2000, EA12-2006, EA13-2007, EA15-2008, EA16-2010, EA17)
      • Euro area (EA11-2000, EA12-2006, EA13-2007, EA15-2008, EA16-2010, EA17-2013, EA18)
      • Euro area (EA11-2000, EA12-2006, EA13-2007, EA15-2008, EA16-2010, EA17-2013, EA18-2014, EA19)
      • European Union (15 countries)
      • European Union (25 countries)
      • European Union (27 countries)
      • European Union (28 countries)
      • Finland
      • Former Yugoslav Republic of Macedonia, the
      • France
      • Germany (until 1990 former territory of the FRG)
      • Greece
      • Hungary
      • Iceland
      • Ireland
      • Italy
      • Latvia
      • Lithuania
      • Luxembourg
      • Malta
      • Netherlands
      • Norway
      • Poland
      • Portugal
      • Romania
      • Slovakia
      • Slovenia
      • Spain
      • Sweden
      • Turkey
      • United Kingdom