The Department of Trade and Industry (DTI) has launched its 'Information Security Breaches 2002' survey. Managed by a consortium of companies, the survey forms part of the DTI's work with industry managers aimed at promoting the value of effective information security management.
Information security breaches can have a profound and lasting effect on companies large and small. That said, there is still a good deal of ignorance exhibited towards the problem. Figures published only last year by the Department of Trade and Industry (DTI) suggested that 60% of organisations across the UK had suffered some form of data security breach, but only 14% of those firms had a security policy in place to combat the threat.

Over 40% of companies reported that security breaches were due to operator or end user error, reinforcing the belief that information security problems cannot be solved by technology alone.

Even more telling in the 2000 survey results, perhaps, was that very few of those organisations surveyed were able to assess the true business implications of security 'break-ins' that they had suffered. Those that were indicated that the cost of a single breach was in excess of £100,000.

In my experience, information security has never been higher on a given Board's agenda than it is today. In the commercial environment of 2001 and beyond, the right security can enable businesses to drive out costs through opening up access to their core business systems across the Internet. At the same time, however, the threat from hackers and cybercrime is ever-increasing, so the wrong type of security can cost your company dear.

It's often quite hard to decide what level of data and IT security you should adopt. There's no such thing as 100% security, so many business people struggle to understand what level is sufficient for their needs.

Not only that, all businesses tend to be very secretive about security incidents that do occur, so it's difficult for service providers – such as the anti-virus vendors – to determine the most critical areas to be secured.

The 2002 DTI survey
In a bid to raise awareness of these problems among Boards of Directors and the security managers that work for them, the DTI has just launched its 2002 'Information Security Breaches Survey'. Managed by a consortium of companies led by PricewaterhouseCoopers – and including RSA Security, Symantec, Genuity and Countrywide Porter Novelli – the survey promises to be the most comprehensive ever produced on home shores.

Running from now until January 2002, the survey will consist of over 1,000 telephone interviews and 100-plus face-to-face interviews. In addition, the survey – which will address new risk areas such as e-business, wireless networks and e-procurement – is allowing security managers to participate on-line through a dedicated web site (to be found at: www.security-survey.gov.uk).

The results will be published at InfoSecurity (Europe) next April.

All IT and security managers are urged to respond on-line. If they do, an electronic copy of the 2002 survey results will be sent through free-of-charge as and when they are collated.

The survey web site uses beTRUSTed encryption to ensure that all data is secure.

Source

SMT

Postscript

Chris Potter is e-business security partner at PricewaterhouseCoopers