IT security kite-mark ignored.

The government is considering ways to improve the 'appalling' take-up of security standard BS7799, as worries over IT security failures grow.

The havoc created by viruses such as the recent SQL Slammer – which caused an estimated $1bn (£618m) of damage – along with fears that IT security does not command a high enough priority for businesses, has prompted the government into action.

David Hendon, director of communication and information industries at the DTI, warned that unless business leaders gave IT security a higher profile, security standards such as BS7799 could become mandatory.

Speaking at a conference in London, Hendon said: ‘There comes a point at which society cannot allow the corporate equivalent of train crashes to keep happening.

‘Corporate responsibility will have to be considered.’

BS7799 provides a framework for implementing a security policy. The lack of firms that have achieved accreditation has worried the government – currently, only 80 certificates have been awarded to UK companies.

This is an ‘appalling’ figure, said Hendon. But he admitted that even his own department, the DTI, was unlikely to devote money to seeking accreditation until it was forced to.

One way to encourage firms to seek accreditation would be through existing data protection law, according to lawyers. The Information Commission (IC) now includes a question on BS7799 certification in its annual data protection forms.

Under the Data Protection Act, companies holding personal data are required to ensure that the data is stored securely.

Jonathan Armstrong, technology lawyer at law firm Eversheds, believes the IC could presume that a firm that has not signed up to BS7799 is not taking effective measures to secure its data, and so make accreditation a de facto requirement.

But businesses would oppose the imposition of standards, especially as BS7799 is an expensive process that can take several years to achieve.

The need for information security was not disputed, but this should be ‘achieved through encouragement’, not force, said Jeremy Beale, head of e-business at the Confederation of British Industry.

Firms had been put off because of the perceived costs, said David Lacey, head of information security and governance at the Royal Mail Group. But after going through the accreditation process twice, he said this was a misconception: ‘It is a very efficient way of improving security procedures.’
