Despite the increasing legislation, and directors' liability for e-mails sent by their own staff, a survey revealed
by Content Technologies showed that 60%
of business managers have had no training on computer security issues.
The statistic reflects the fact that although e-mail and Internet viruses, pornography and other security breaches
are on the increase, the problem is often not understood at board level.
The survey of 750 international businesses was undertaken by Secure Computing magazine and sponsored by Content
Technologies, a developer of e-mail and Internet content security and policy management solutions.
Of the companies surveyed, two thirds of organisations have suffered virus, worm or 'Trojan' related problems
over the past year (such as Melissa or the Lovebug). In one incident the cost to the organisation was placed at
over $1 million.
Computer viruses still cause the biggest security problems for companies in terms of number of incidents and
lost working hours.
However, pornography in e-mails is also becoming increasingly problematic (with spam and hacking close behind
in third and fourth positions).
Some companies are failing to respond to threats, despite increasing risks. Almost a third of companies still
have no manager responsible for computing security; and over 60% of business managers have no training in computer
Of the business managers who have had training, over 60% had their training more than 12 months ago.
Breaches in confidentiality are on the increase and are of growing concern to companies, as is harassment by
Two thirds of organisations either have no e-mail and Internet policy or have one that isn't enforced; one in
four companies saw no need to educate users, and a further one in three leave it to a policy booklet.
Where technology was employed, the IT department had a high level of influence generating the purchase of security
software. However, so too did marketing departments. Yet some of the departments which stand to lose most from
security issues had less influence, including human resources, finance and engineering.
Chris Heslop, Content Technologies' Worldwide marketing director, said: "This research confirms that the
majority of organisations still have no e-mail and Internet usage policy in place to protect not just their businesses
but also their employees. Organisations need to establish an e-mail and Internet usage policy, educate their employees
on the policy and enforce it using content security software such as the MIMEsweeper family of products. We believe
that by deploying such procedures organisations are more able to protect themselves from the loss of intellectual
property, corrupted data, loss of productivity and exposure to legal liability as well as protecting their employees
Paul Robinson, editor of Secure Computing, said: "We are beginning to see many of the issues we predicted
last year emerging as clear trends. Viruses have continued to be the main source of security breaches, but connectivity
to the Internet means that pornography and confidentiality are becoming greater problems, a trend which I predict