UK companies are spending three times as much on IT
security than ever before, but the annual cost of breaches still
runs into several billions of pounds, according to a government
survey.
Despite the
improvements in security controls, the survey shows that many
companies remain exposed to loss of confidential data.
Some 80% of companies that have computers stolen have not
encrypted their hard drives, and two-thirds of companies do nothing
to prevent confidential data leaving on USB sticks, the survey
reveals.
The 2008 Information Security Breaches Survey of 1,007
businesses led by PricewaterhouseCoopers and the Department for
Business, Enterprise & Regulatory Reform has highlighted
that businesses are more aware of IT security issues although
they have not followed with action.
"New technology is a key source of productivity gains, but
without adequate investment in security defences these gains can be
undermined by IT security breaches. The survey shows increasing
understanding by business of the opportunities and threats, but
challenges remain," said business minister, Shriti Vadera.
"There are still some fundamental contradictions," said Chris
Potter, a partner at PricewaterhouseCoopers. "Some 79% of
businesses believe they have a clear understanding of the security
risks they face, but only 48%
formally assess those risks. Also, 88% are confident that they
have caught all significant security breaches, but only 56% have
procedures to log and respond to incidents."
The survey also shows 71% have procedures to comply with the
Data Protection Act, but only 8% encrypt laptop hard drives.
"Businesses all need to ensure that their defences are sound if
they want to continue to enjoy the benefits that technology
brings," said Potter.