A survey led by PricewaterhouseCoopers LLP, on behalf of the Department for Business, Enterprise & Regulatory Reform (BERR), has found that IT systems and information security are more important to UK companies than ever before, with 81% of boards giving a high or very high priority to information security.
As businesses continue to grasp the opportunities provided by new technology (97% now have a broadband internet connection), there has been a real improvement in basic disciplines such as anti-virus and backups. The average spend by companies on security defences has tripled over the last six years with reported security breaches dropping by a third. Despite this reduction, the annual cost to companies still runs into several billions of pounds.
Four-fifths of companies that have computers stolen have not encrypted their hard drives, and two-thirds of companies do nothing to prevent confidential data leaving on USB sticks.
Business Minister Shriti Vadera said: "New technology is a key source of productivity gains, but without adequate investment in security defences these gains can be undermined by IT security breaches. The survey shows increasing understanding by business of the opportunities and threats, but challenges remain."
The broadband revolution has allowed companies to use the internet to reach their customers and enable their staff to be more mobile:
- 54% of UK companies allow staff to access their systems remotely;
- 42% use a wireless network;
- 17% use Voice over IP telephony, and this will rise to 30% by the end of 2008;
- 5% have moved some of their IT operations offshore; and
- 84% are heavily dependent on their IT systems.
Over the last six years, the security landscape has changed dramatically:
- 98% of companies now have software to scan for spyware;
- 94% of wireless networks are now encrypted, versus only 47% in 2002;
- 55% of UK companies have a documented security policy, versus 27% in 2002;
- Expenditure on information security has increased from 2% to 7% of IT budget over that period;
- 40% of businesses provide ongoing security awareness training to staff - twice as many as six years ago;
- 14% use strong (i.e. multi-factor) authentication; and
- 11% have implemented the British/International Standard for information security management (BS 7799/ISO 27001), versus only 5% in 2002.
After the peak in 2004, the number of companies reporting a security breach has returned to roughly the level seen in 2002:
- 45% of small businesses reported a breach in the last year, down from 62% in 2006;
- Larger businesses are more likely to have security breaches, with 96% of very large companies (more than 500 employees) affected;
- Most companies affected experienced several breaches in the year - the median number of breaches is 6 and the mean is 100;
- The average cost of the worst incident of the year is highly dependent on the size of the business, varying from roughly £15,000 for small businesses to £1.5 million for very large businesses;
- The total cost to UK plc has dropped by roughly a third compared with two years ago, returning to the levels seen in 2004; and
- Companies are, however, generally pessimistic, with only 17% expecting fewer security incidents next year.
While 77% of UK companies say that protecting customer data is a very important driver of their information security expenditure, many companies are simply not doing enough to achieve this goal:
- 10% of websites that accept payment details do not encrypt them;
- 21% of companies spend less than 1% of their IT budget on information security;
- 67% do nothing to prevent confidential data leaving on USB sticks;
- 78% of companies that had computers stolen had not encrypted their hard drives; and
- 79% are not aware of the contents of security standards BS 7799/ISO 27001.
The survey suggests five simple steps businesses of all sizes should take to protect themselves in this changing world:
- Understand the security threats you face, by drawing on the right knowledge sources.
- Use risk assessment to target your security investment at the most beneficial areas.
- Integrate security into normal business behaviour, through clear policy and staff education.
- Deploy integrated technical controls and keep them up to date.
- Respond quickly and effectively to breaches, e.g. by planning ahead for contingencies.