Lax security threatens future of UK e-commer

Poor security could jeopardise UK e-commerce

Poor security could jeopardise UK e-commerce

President Clinton's call for the US to spend $2bn to enhance its computer security is a timely reminder that security is crucial to business computing.

In the UK, the hacker attack on Virgin Net last weekend - which saw 170,000 customers temporarily lose their e-mail service - is just the latest in a series of security glitches that could undermine consumer confidence in online trading and communication.

Yet, according to a survey by delivery company DHL, 90% of firms in the US no longer see security as a barrier to e-commerce sales, compared to 40% elsewhere. Is that complacency, or does the US have a real security edge over the rest of the world?

Good security technology costs money - and soaks up the rare skills of specialists, boosting the costs still further. These facts are unwelcome to the general managers of companies joining the stampede towards Web commerce.

When the main thing is to get the Web site up and bodge together a back-end solution, security can take a back seat - and the IT manager who insists on it can be seen as "stuck in the technical detail".

The security danger is especially true in companies whose e-business "model" consists of undercutting rivals on cost, and accepting low or no profits, in return for a foothold in the market and an over-inflated share price.

Yet the IT department will be hauled up before a drum-head court if a firm's e-customers deluge it with complaints over unencrypted credit card numbers, hacked sites and generally loose security.

Here is a challenge for Alex Allan, as he flies in from Australia to become the Government's "e-envoy" this week: what should the UK Government do to boost security infrastructure and expertise across business?

Allan has a ready made "to do" list on security, in the form of 10 recommendations from the Performance and Innovation Unit under the heading "Trust". Apart from implementing a national secure PKI for government IT, it is the usual mix of good intentions and generalising best practice.

Clinton's plan, by contrast, calls for government-funded research to give the US a technology edge in IT security. This is, in part, motivated out of fear that America could be the target of cyber warfare in the future - but as with all national security initiatives, US corporations will be quick to reap the benefits.

Clinton's intention to fund the training of a whole new generation of security specialists demonstrates that - as with so much else - security is a skills problem as well as a technical challenge.

One of the first tasks for Alex Allan is to translate the government's good intentions on security into a coherent initiative - backed, as in the US, by new money and a skills plan to go with it.

Just as bad money drives out good, companies that skimp on IT security will harm the prospects of those whose security is perfect, delaying the UK's progress towards leadership in e-commerce.

Read more on Hackers and cybercrime prevention

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.