 |
|
| CURRENT SECTION :: TechZone | UK's most visited IT Contractor Site - 250k unique visitors March 2008 |
|
 |
UK businesses seem nearly as sloppy with their computer security as public sector organisations, despite giving their IT departments much more money to tighten it up. Their average spending on cyber defences has tripled over the last six years, up from 2% of the tech department’s total budget in 2002, to about 7% today. Unveiling its findings, PwC said pouring in more cash has resulted in the total cost of UK plc’s security problems dropping by a third, to £6billion in 2007. Despite the reduction, the average seriousness of incidents has increased, and most companies that were stung experienced several further breaches in the year. Once their IT security was breached, 78% of corporate victims admitted they failed to react by mandating encryption on all of their computers. Two-thirds of the 1,000 business interviewed did not prevent confidential data leaving on USB sticks, and 79% were clueless about security standards BS7799/ISO27001. The worst incident in terms of damage depended on the size of the business, varying from £15,000 for smaller firms to £1.5million for the largest of businesses. Coupled with their increasing severity, these financial burdens for businesses are ominous, particularly given just 17% expect fewer IT security incidents in 2008. The findings prove that UK plc is generally pessimistic about the IT security outlook, PwC said. “Companies need to change from an attitude of combating today’s problems to thinking about the future proactively,” added Chris Potter, a partner at PricewaterhouseCoopers. “It’s a bit like the difference between battening down the hatches when a hurricane comes and taking steps to combat climate change. Businesses need to respect the opportunities that e-commerce represents but also consider their duty to protect its users in the long term future.” Approaches to corporate IT security were, he said, suffering from “some fundamental contradictions.” While some 79% of businesses believe they have a clear understanding of the security risks, only 48% formally assess those risks. Moreover, 88% are confident that they have caught all significant security breaches, but only 56% have procedures to log and respond to incidents. And though 71% said they have procedures to comply with the Data Protection Act, just 8% encrypted laptop hard drives. However, the private sector is less likely than its public counterpart to be the victim of data security gaffes, publicly at least. According to the Information Commissioner’s Office, there have been 94 data security incidents since the Revenue lost 25million people’s details in the post. Sixty-two of those were in government departments and other public sector bodies, four were at charities, and 28 were reported by private organisations. Apr 24, 2008 Email this article Printer friendly page Previous Page
|
|
 |
||||||||||||||||||||||||
| All content © Contractor UK Limited | [Register for News Letter] | [Privacy Statement] | [Terms of Use] | [Top of Page] |