DTI report highlights security failings

Around 60 per cent of UK businesses have suffered a security breach over the last two years, according to the latest survey from the Department of Trade and Industry (DTI).

Published this week in conjunction with the Infosec security conference, the Information Security Breaches Survey 2000 worryingly revealed that over 30% of the 1000 organisations questioned do not recognise that their business information is either sensitive or critical and, therefore, a business asset.

Of those organisations that have critical or sensitive information, 43% have suffered an ‘extremely serious’ or ‘very serious’ breach, and a further 20% had suffered a ‘moderately serious’ breach in the last two years.

The main cause of the breaches was found to be operator or user error, with 40% of companies acknowledging that information security cannot simply be solved by technology. And nearly three quarters of organisations that suffered a ‘serious’ breach had no contingency plan in place to deal with it.

But the DTI also found that over half of the organisations that have suffered a breach which they consider to be their ‘most serious’ do not believe there is anything they could have done to prevent it, even though the companies involved indicated that the cost of a single breach was in excess of £100,000.

The DTI said the problem is that only one in seven organisations has a formal security policy in place. ‘The presence of a formal policy is one of the most important issues in reporting and resolving security breaches,’ said the report.

‘Given the prominence of “people issues”, ranging from user and operator error through to fraud, typically being the cause of security breaches, the need for implementing a framework for information security management systems is stronger now than ever before,’ it added.

Some 37% of organisations undertake risk assessment, usually every six months, and a further 15% intend to do so, the report found. A total of 83% have virus protection and password controls, which shows that some hard and fast rules are being adhered to.

As a result, the DTI found ‘an illuminating state of information security awareness in the marketplace’.

However, there is still insufficient awareness and understanding of what can be done to combat the more significant risks, particularly those posed by human actions.

‘It is only when these procedural and management issues have been addressed that organisations can decide on what security technologies they need,’ the report concluded.

First published on vnunet.com
