Systems are being threatened by new technologies, poor policies, and a failure to evaluate risks
Investment in security technology has never been higher, but many firms are still failing to develop the security policies and risk assessment processes to ensure this spending is effective, according to a survey published this week.
The 2006 DTI annual security breaches survey, carried out by PricewaterhouseCoopers, found that expenditure on security has grown and now accounts for five percent of firms' IT budgets, on average. However, the report suggests that security expenditure is still too low and is often not targeted at key risks "[and] many UK businesses are a long-way from having a security-aware culture".
The survey of 1,000 UK businesses found that 60 percent of UK firms still do not have a security policy; a quarter do not carry out background checks on new staff; and one in eight do not educate staff of security responsibilities.
The report says attempts to encourage firms to embrace security standards are making slow progress, with just one in eight firms employing qualified security staff and only 10 percent claiming to be aware of the contents of the BS 7799 security standard.
Writing in the report, industry minister Alun Michael pledged that the government would continue to promote security standards and said he hoped the launch earlier this year of the UK Institute of Information Security Professionals would increase the number of staff with security skills.
The report also highlighted the growing risk from new technologies. For example, less than half of firms have taken any action to protect themselves against the threat of data theft posed by instant messaging software and USB devices.
The scale of the risks was further underlined by separate research published this week by security specialist Centennial Software. In its survey, almost two-thirds of staff admitted to having lost their portable USB storage devices at some time. And two-thirds of this group said that the misplaced sticks had contained critical business information.
Investment in security technology has never been higher, but many firms are still failing to develop the security policies and risk assessment processes to ensure this spending is effective, according to a survey published this week.
The 2006 DTI annual security breaches survey, carried out by PricewaterhouseCoopers, found that expenditure on security has grown and now accounts for five percent of firms' IT budgets, on average. However, the report suggests that security expenditure is still too low and is often not targeted at key risks "[and] many UK businesses are a long-way from having a security-aware culture".
The survey of 1,000 UK businesses found that 60 percent of UK firms still do not have a security policy; a quarter do not carry out background checks on new staff; and one in eight do not educate staff of security responsibilities.
The report says attempts to encourage firms to embrace security standards are making slow progress, with just one in eight firms employing qualified security staff and only 10 percent claiming to be aware of the contents of the BS 7799 security standard.
Writing in the report, industry minister Alun Michael pledged that the government would continue to promote security standards and said he hoped the launch earlier this year of the UK Institute of Information Security Professionals would increase the number of staff with security skills.
The report also highlighted the growing risk from new technologies. For example, less than half of firms have taken any action to protect themselves against the threat of data theft posed by instant messaging software and USB devices.
The scale of the risks was further underlined by separate research published this week by security specialist Centennial Software. In its survey, almost two-thirds of staff admitted to having lost their portable USB storage devices at some time. And two-thirds of this group said that the misplaced sticks had contained critical business information.
Share this page
Email this page
Back to Top
Home
Edit Post
0 comments: