Companies are failing to encrypt sensitive financial data about their customers, despite a rise in the number of attempted hacking attacks against financial websites.
The Department of Trade & Industry's Information Security Breaches Survey 2006 has revealed that less than 66% of firms doing business online encrypt sensitive financial data they receive about their customers.
The findings come as the number of reported attacks against networks is rising, with more than 25% of businesses reporting at least one significant attempt to break into their networks a day.
"What is worrying is that with more transactions being conducted over the internet, people are still dependent on perimeter security," said Andy Beard, director at PricewaterhouseCoopers, which managed the survey on behalf of the DTI.
Protecting customer information was one of the biggest drivers for security spending for 90% of firms surveyed. Only 60% said their security spending was driven by enabling business opportunities.
Despite this, 10% of firms with a website lack a firewall, and 33% have not deployed intrusion detection software, placing themselves and their customers potentially at risk.
The survey revealed that network security attacks were responsible for 7% of the worst security incidents during 2005. Sixty per cent of the attacks resulted in lost internet connectivity, 25% caused more than a day's disruption, and 10% led to customer complaints.
Unsecured wireless networks represent a significant threat to businesses, with 20% of firms having no security controls on their wireless networks.
On the positive side, all the companies surveyed said they protected financial websites with firewalls, and the proportion of firms using intrusion detection software has risen from 25% in 2004 to 66% in 2005.
Companies remain cautious about public wireless hotspots, with only 12% allowing staff to use them to access work systems. Of those that do, 60% encrypt transmissions.
l The full results of the survey will be launched at InfoSecurity Europe in London on 25 to 27 April