Companies still neglecting security, warns PwC

Link: Protecting your company’s digital assets

That is the conclusion of the fifth annual Global Information Security Survey carried out by PricewaterhouseCoopers for Accountancy Age’s partner magazine Information Week.

GISS questioned IT managers and security professionals at 8,100 sites worldwide. More than 3,000 of those were Computing readers in Europe and the UK.

Almost two thirds of respondents said information security is still a fundamental concern, yet many admit to not knowing how much breaches cost, not reviewing security policies and not reporting breaches to law enforcement agencies.

The security spending boom has yet to materialise with the majority of companies spending less than $500,000 a year, with Europe behind the US.

Security breaches were recorded at 66% of the worldwide sites in the past year, but almost half of European organisations said they had no idea how much those attacks cost them.

The biggest source of attacks, according to the organisations surveyed, is external hacking which rose from 46% in 2001 to 55% this year.

Internal sources, such as employee misuse or disgruntled staff accessing unauthorised areas of the network, have declined year-on-year to 50 per cent.

Yet most companies are still afraid of the damage to reputation to report those attacks to the police, with 53% of European organisations not reporting breaches.

Businesses are increasingly adopting staff awareness programmes on security combined with technologies such as virtual private networks to secure data, according to GISS. Yet a quarter have neither reviewed nor measured the effectiveness of their corporate security policy in the past year.

Viruses remain the most common type of security breach, accounting for 44% of incidents – down slightly from 2001.

This drop is due to the increased vigilance of IT managers in updating anti-virus software, according to GISS.

Security technology is the biggest factor in businesses discovering attacks with firewall logs and intrusion detection systems coming ahead of alerts from colleagues.

Related reading

HMRC banknotes