Businesses are shunning the courts despite a huge rise in the
number of serious security breaches of IT systems over the past two
years.
The number of organisations that have suffered a serious security
breach since 2000 has doubled, government research reveals.
Four out of five businesses have been hit by serious viruses,
hacking attacks, fraud and other damage in the past 12 months,
compared to 25% two years ago, and less than 20% in 1998.
This is costing companies an average of £30,000 a time, but several
companies quoted costs of more than £500,000, the Information
Security Breaches survey from the Department of Trade &
Industry reported.
Despite the growing seriousness of the risks, only 16% of companies
have tried to take legal action against the perpetrators. Just over
half said the breaches were not serious enough to justify court
action, 20% said no laws were broken, 8% did not know who to
pursue, and 4% feared bad publicity.
The findings will add weight to calls to review the effectiveness
of the UK's computer crime laws.
More than 7% of companies with Web sites admitted denial of service
attacks, a crime that is not easy to prosecute under the Computer
Misuse Act. About 14% of incidents related to systems failure or
data corruption.
As the number of security breaches rises businesses are finding it
increasingly difficult to obtain cover for damage under general
insurance policies. More than half of UK businesses are not covered
or do not know if they are covered for IT security breaches. Only
eight of the 1,000 organisations questioned have taken out
specialist IT security insurance.
Although two-thirds of the companies questioned said that reporting
crimes is important, fear that it could attract the attention of
the press or regulators deters them, said Chris Potter, partner at
Pricewaterhouse Coopers, which conducted the survey for the
DTI.
All the answers
Infosecurity Europe 2002 takes place on
23-25 April at Olympia, London. The Computer Weekly Infosecurity
User Group will hold its inaugural meeting at the show. Details at
www.infosecurity.co.uk/