Survey exposes FTSE firms' lack of IT security knowledge

The UK's largest companies are taking a piecemeal approach to IT security, and the majority have little understanding of what is meant by best practice in IT security, a survey of FTSE 500 companies has found.

Although most companies claim to be following best IT security practice, closer questioning revealed that more than 40% are not taking the basic steps necessary to safeguard their systems.

Fewer than 25% of the 148 firms questioned have heard of the BS7999 security standard for best practice, and only 10% of those that are aware of the standard are seeking accreditation.

Despite this fact, 64% of companies already trading online believe that poor security is hindering the growth of e-commerce, and 35% say they are concerned about the public's lack of confidence in the security of Internet trading.

The findings suggest that firms may be bypassing formal security procedures in favour of technical quick fixes, such as installing firewalls and virtual private networks.

"People are wasting their money on security. They are investing in point security solutions when they should be stepping back from day-to-day issues and taking a more structured approach," said Martin Sutherland, head of security at consultancy Detica, which commissioned the research.

Most organisations plan to improve their security within the next two years. Of those surveyed, 73% said that publicity surrounding high-profile security breaches has encouraged them to add more protection to their systems and 80% think that e-commerce will eventually become more secure.

Of the companies not yet conducting business over the Internet, 25% said they would do so within the next six months, 43% within a year and 29% within two years.

Most companies favour trading over the Web, with only a handful conducting business through digital TV and WAP devices.
