Thought for the day:UK business is sorry, not safe

Companies are still apathetic about e-crime but the government also has a case to answer, says Simon Moores.

Companies are still apathetic about e-crime but the government also has a case to answer, says Simon Moores.

I was at the first e-crime congress in London earlier this week, talking about IT security and business continuity planning and asking whether these represent core business functions more than year on from the World Trade Center attacks.

For many readers this may be a statement of the obvious. After all, Merrill Lynch lost two datacentres that day but the statistics of apathy make grim reading.

If 97% of UK companies have been attacked or "threatened" in some way, according to Detective Chief Superintendent Len Hynds of the National High Tech Crime Unit (NHTCU), then at least half the business community is not taking the risks seriously.

You may be familiar with the statistics from the DTI earlier this year, which said 44% of UK companies are reporting malicious attacks with an average repair cost of £30,000, some as high as £500,000.

Now, I take most of the statistics I see with a large pinch of salt, but the most recent NHTCU figures suggest the problem is getting worse and reflects almost geometric growth, month on month in the incidence of attack. Digital risk specialist Mi2G has now offered a revised projection for 2002 of 70,000 attacks, mostly targeting small- to medium-sized businesses.

According to a more comprehensive report from Riptech, November saw a decline of 8% in the number of overt digital attacks worldwide to 14,812. This was after four consecutive record-breaking months including October - when the highest number so far was recorded at 16,167.

Europe's sharp plunge accounted for a large portion of the overall decline. In the UK, attacks fell sharply by nearly 70% from 2,253 in October to 679 in November, a consequence, it is hoped, of government efforts to draw greater attention to the threat to businesses.

While the many different agencies involved can be applauded for their good work, I'm left with a sense that there remains a danger of locking the stable door after the digital horse has bolted. Let me explain.

In preparing the Broadband Britain agenda, the government has known about the risks for some time. One example is the as yet unknown "infection" rate among broadband users, a second is the relative simplicity by which inadequately protected UK Online centres might be compromised by their users or third parties.

In the rush to achieve the online agenda, blind ambition has preceded a national programme and single point of responsibility where the education and protection of the online citizen is involved. In fact, no such programme is likely to appear before the spring so, until then, it's open season on anyone who hasn't taken what you and I might think of as sensible security precautions, anti-virus, personal firewalls and so on.

Who really owns this information assurance agenda at a national level - the Office of the e-Envoy or the Home Office?

More importantly, who will pay for it? I can't imagine BT volunteering to add the unsubsidised costs of better consumer security to the costs of rolling out broadband.

This raises an interesting question. Has government spent so much effort on the big picture projects that it's been at the expense of security, that most fundamental part of IT?

What's your view?
Is the government aiming at the wrong target? Tell us in an e-mail >> reserves the right to edit and publish answers on the Web site. Please state if your answer is not for publication.

Zentelligence Setting the world to rights with the collected thoughts and opinions of the futurist writer, broadcaster and Computer Weekly columnist Simon Moores.

Read more on IT for government and public sector

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.