UK firms fail e-security test

Business leaders are offered advice on protecting themselves from cyberattack, as the UK government is urged to take a more active lead in IT security

Security experts have warned that e-security is dangerously poor in the UK, with most British firms failing to give enough attention to managing information risks. The Information Assurance Advisory Council (IAAC) said on Thursday that almost 95 percent of UK companies are failing to adequately protect their electronic data from attack. Senior executives must make information security a higher priority, says the IAAC, which wants to see the UK government taking a more active lead in raising Britain's level of e-security.

Dame Pauline Neville Jones, chair of the IAAC, warned that companies whose systems were not protected from hackers and computer viruses were running a big risk. "In addition to the revenue cost of breaches in Information Assurance, company directors themselves are likely to face severe consequences if boards do not get to grips with a threat that the DTI estimates 'cost UK business billions of pounds in 2001,'" warned Neville Jones.

A recent government-backed report found that almost half of UK businesses suffered at least one malicious security breach last year, so there is little dispute that this is a serious problem. Yet many high-level executives aren't doing, or spending, enough on e-security. According to the IAAC, only a quarter of British firms spend more than one percent of their IT budgets on security -- when between three and five percent is an accepted benchmark figure.

To help these senior bosses -- who could be personally liable for losses incurred through inadequate IT security -- the IAAC has published a set of guidelines for managing information risk.

Government failings?

The IAAC is keen for the UK government to take a lead in driving up e-security standards and claims that compared to other countries, the British administration could do more. Dr Andrew Rathmell, chief executive of the IAAC, believes that the target of making Britain the "world's best and safest environment for e-commerce" is a long way off.

"Effective take-up of best practice in Information Assurance remains too low in the private sector. The government has not made Information Assurance a high enough priority and has not made sufficient efforts to educate and protect UK citizens or businesses," said Rathmell.

The IAAC would like to see the British government calling chief executives together to discuss how to protect vital infrastructures -- as happened in Australia -- or copying Belgium's example of creating a nationwide system to alert citizens about new computer viruses.
