Lax security shaming UK businesses

New survey, same worrying findings...
Written by Suzanna Kerridge, Contributor

Only one in four companies are properly protected from hacks or virus attacks, even though nearly three quarters of senior managers in the UK put security high up on their agendas.

According to the Department of Trade and Industry's latest Information security breaches survey, which was conducted by PricewaterhouseCoopers (PwC), 73 per cent of senior management think security is extremely important, but only 25 per cent actually have a security policy in place to protect their networks.

A similar survey conducted by Ernst and Young in March revealed similarly worrying statistics, with just 53 per cent of companies having business continuity plans in place. Only 49 per cent of these have been tested.

Chris Potter, a partner at PwC, said: "One issue companies have is that business people understand the risks but don't understand the detail. The business people don't know what to spend money on and the IT people don't frame the security spend in the same way they do other projects in terms of a business case and a return on investment."

The rapid rise of ecommerce has left many more companies vulnerable to attack, he added. While UK firms are increasingly using the internet, they are failing to consider the ensuing risks.

Billions of pounds are lost each year as an increasing number of employees are given access to the internet and email.

Potter said: "The three main areas which showed the biggest rise in incidents over the last two years are viruses, hacking and employee misuse of IT - this includes sending inappropriate emails or looking at inappropriate websites."

Employees need to be educated in security policy, he added.

Corporate espionage and theft also contribute to the problem. Ofir Arkin, managing security architect at security consultancy @stake, said: "Some businesses trust their own users but we know that this doesn't hold when offered the right amount of money for accessing information from restrictive areas of the network. Companies need to know what users are doing as industrial espionage is rife."

Companies fail to invest in security because it is often considered not to provide an economic return, according to the DTI. Potter estimates each security breach costs £30,000 to fix, while several larger companies have reported spending £500,000 to repair the damage caused by fraud, hacking and viruses.

Arkin said keeping yourself in business should be seen as the return on investment.