PwC found that the average cost of each serious breach is
£30,000, and several companies reported incidents costing them more
than £500,000.
The survey, which claims to be the most comprehensive survey on
information security in the UK to date, was conducted by PwC, the
world’s largest professional services organisation, in conjunction
with RSA Security, Symantec, Genuity and Countrywide Porter
Novelli.
It shows that three-quarters of UK businesses believe that they
hold sensitive or critical information, but only one-quarter have a
security policy in place to protect it. Three-quarters of UK
businesses identified information security as a high priority for
senior management (compared to half in 2000). However, PwC found a
clear disconnect between this and actual practice.
The number of UK businesses that have suffered a malicious
security incident since 2000 has almost doubled. Half of companies
(four out of five large businesses) fell victim over the past year
to viruses, hacking attacks, fraud, and other information security
breaches, compared to one quarter in 2000 and fewer than one in five
in 1998.
The survey also shows that UK businesses are not spending
anywhere near enough to protect the business that they are doing
on-line. Only one quarter spend more than 1% of their IT budget on
security. According to PwC, 3-5% is acknowledged as the minimum
reasonable level, rising to an average of 10% in high-risk sectors
such as financial services.
The main reason for the lack of investment in security measures
appears to be a failure to recognise the economic return. Fewer than
one third of businesses ever evaluate the return on investment on
their security expenditure.
The 2002 DTI Information Security Breaches Survey was
commissioned to encourage the boards of UK businesses to take
effective action to protect their competitiveness and
profitability. The survey was conducted between October 2001 and
January 2002 and involved 1,000 telephone interviews, 100
face-to-face interviews and answers to an on-line questionnaire. The full
results of this sixth, biennial survey will be published at
Infosecurity Europe 2002, a London event, on 23 April.
A four-page executive summary of the 2002 survey and the
detailed technical report of the 2000 survey are available at
www.security-survey.gov.uk