The majority (79%) of those responsible for security in UK businesses are not aware of the contents of information security standards BS 7799 and ISO 27000, according to a government survey.
The Information Security Breaches Survey is conducted every two years on behalf of the Department for Business, Enterprise and Regulatory Reform and managed by PricewaterhouseCoopers (PwC).
Chris Potter, a partner at PwC, said, "the standards contain good guidance on what organisations can do to protect themselves, so [not knowing what is in them] is a missed opportunity."
He said it meant the UK businesses were not necessarily adopting the most effective approach to their security management, and although awareness and adoption of the standards was picking up, there was still a long way to go.
"For example, 52% of companies do not carry out any kind of formal security risk assessment process. If you do not understand the risk, how can you put the right counter-measures in place?" said Potter.
Accreditation is another important aspect of standards, said Potter. "This means you can give your customers and business partners comfort about the quality of your security controls, yet relatively few UK companies have got that accreditation," he said.
Recent losses of thousands of personal details have raised the awareness of the general public about the need for greater security around information.
"Getting accreditation could be extremely valuable in helping organisations persuade potential customers to transact with them over the internet," said Potter.
The full results of the 2008 survey will be released at Infosec Europe 2008 in London on 22 April.