Nearly all UK companies still have work to do to implement all the safeguards necessary to manage and control access for users to their systems and reduce the risk of crimes such as electronic identity theft.
Just 1% of companies have all the pieces of the identity and access management jigsaw, according to findings from the 2006 Department of Trade and Industry's biennial Information Security Breaches Survey.
The survey showed, however, that where organisations did have the requisite identity and access management safeguards in place, none reported a single identity-related security incident.
Key findings from the survey of 1,000 companies include:
Compliance with laws and regulations has become the key driver (90%) for managing and controlling systems access, taking over from reducing the cost of user access management and enabling new internet-enabled business ventures.
More businesses than ever are using strong authentication techniques, such as hardware tokens or digital certificates. But single factor authentication continues to prevail, with 80% of companies still relying on passwords alone.
Businesses using stronger forms of authentication, such as biometrics, had fewer security incidents than those using software tokens and certificates alone.
Nearly a fifth of large businesses reported staff gaining unauthorised access to data, while 6% suffered impersonation or phishing attacks.
The full results of the survey will be launched at the Infosecurity Europe event in London on 25-27 April. Given the level and sophistication of current threats, it is likely to make for uncomfortable reading.