The government has urged companies to take IT security more seriously, amid concern that almost three-quarters of firms have no policy on information security.
Speaking at an event in London on Tuesday, e-commerce minister Stephen Timms said it is unacceptable that just 27 percent of companies have an IT security policy, according to a recent official survey. Timms believes that many senior company executives are failing to give enough attention and resources to this critical issue.
"If only 27 percent of companies actually have a policy on this issue then the challenge of engaging the other 73 percent of company boards is a real and important one," said Timms. "This basic failure to set objectives and goals fed through into the survey's findings of a host of management shortfalls -- under-investment, lack of analysis of investment, lack of appropriate personnel policies, security processes and technical security," he added.
Timms was speaking in London at the Information Assurance Advisory Council's third annual symposium, where he also explained that the government is promoting best practice standards to address the issue.
The fact that just 27 percent of companies have an IT security policy came to light earlier this year with the publication of the Information Security Breaches Survey 2002, a survey of UK companies conducted by PricewaterhouseCoopers. This figure was actually a 100 percent increase compared to the previous year, which Timms described as evidence that at best the UK has "progressed from the disastrous to the bad."
There is understood to be concern within government circles that the growth of e-commerce in Britain is threatened by poor e-security.
The Information Security Breaches Survey 2002 calculated that hacking and virus attacks are costing British companies billions of pounds a year, and found that 44 percent of UK businesses suffered at least one malicious security breach in 2001.
Last month, Timms gave his backing to the launch of Part 2 of BS 7799 -- a new guideline that aims to make businesses better defended against risks such as hackers and computer viruses.