Businesses received a clear warning today that the government expects them to take responsibility for their own IT security, no matter how small they are.
Speaking to the audience at the Information Security Solutions Europe conference in London, DTI minister for e-commerce and competitiveness, Douglas Alexander, said the government will take a dim view of companies whose lapses in information security cause disruptions to online business.
"It's tempting for people to say: 'No one is likely to attack my business, but in an interconnected world, it is up to us all to protect the whole system," said Alexander. "Those businesses that don't [and by their negligence cause problems for others] will be regarded as failing in their duty."
The government is increasingly concerned that ignorance among business users has exacerbated recent cyber attacks such as the Code Red and Nimda worms.
Legislation, such as the Data Protection Act, Electronic Communications Act and Ripa (Regulation of Investigatory Powers Act), much of it derived from European Directives, already puts considerable pressure on businesses to ensure that their IT systems comply with the legal requirements.
Alexander admitted that it would be much harder for Britain's myriad small businesses to provide adequate security for their IT systems. "Small businesses will inevitably struggle with these issues," he said, and promised the DTI would help where it could.