UK companies are spending three times as much on IT security as ever before, but the annual cost of breaches still runs into several billions of pounds, according to a government survey.
Despite the improvements in security controls, the survey shows that many companies remain exposed to loss of confidential data.
Some 80% of companies that have computers stolen have not encrypted their hard drives, and two-thirds of companies do nothing to prevent confidential data leaving on USB sticks, the survey reveals.
The 2008 Information Security Breaches Survey of 1,007 businesses, led by PricewaterhouseCoopers and the Department for Business, Enterprise & Regulatory Reform, found that businesses are more aware of IT security issues but have not followed that awareness with action.
"New technology is a key source of productivity gains, but without adequate investment in security defences these gains can be undermined by IT security breaches. The survey shows increasing understanding by business of the opportunities and threats, but challenges remain," said business minister Shriti Vadera.
"There are still some fundamental contradictions," said Chris Potter, a partner at PricewaterhouseCoopers. "Some 79% of businesses believe they have a clear understanding of the security risks they face, but only 48% formally assess those risks. Also, 88% are confident that they have caught all significant security breaches, but only 56% have procedures to log and respond to incidents."
The survey also shows 71% have procedures to comply with the Data Protection Act, but only 8% encrypt laptop hard drives.
"Businesses all need to ensure that their defences are sound if they want to continue to enjoy the benefits that technology brings," said Potter.