The number of organisations that have suffered a serious security breach since 2000 has doubled, government research reveals.
Four out of five businesses have been hit by serious viruses, hacking attacks, fraud and other damage in the past 12 months, compared to 25% two years ago, and less than 20% in 1998.
This is costing companies an average of £30,000 a time, but several companies quoted costs of more than £500,000, the Information Security Breaches survey from the Department of Trade & Industry reported.
Despite the growing seriousness of the risks, only 16% of companies have tried to take legal action against the perpetrators. Just over half said the breaches were not serious enough to justify court action, 20% said no laws were broken, 8% did not know who to pursue, and 4% feared bad publicity.
The findings will add weight to calls to review the effectiveness of the UK's computer crime laws.
More than 7% of companies with Web sites admitted denial of service attacks, a crime that is not easy to prosecute under the Computer Misuse Act. About 14% of incidents related to systems failure or data corruption.
As the number of security breaches rises businesses are finding it increasingly difficult to obtain cover for damage under general insurance policies. More than half of UK businesses are not covered or do not know if they are covered for IT security breaches. Only eight of the 1,000 organisations questioned have taken out specialist IT security insurance.
Although two-thirds of the companies questioned said that reporting crimes is important, fear that it could attract the attention of the press or regulators deters them, said Chris Potter, partner at Pricewaterhouse Coopers, which conducted the survey for the DTI.
All the answers
Infosecurity Europe 2002 takes place on 23-25 April at Olympia, London. The Computer Weekly Infosecurity User Group will hold its inaugural meeting at the show. Details at www.infosecurity.co.uk/