Nearly half (44 percent) of UK businesses have suffered a malicious security breach in the past year, according to the Department of Trade and Industry's 2002 Information Security Breaches Survey.
Firms have much to learn about IT care
The government report, which will be released next week, showed that the number of cyber crime victims has doubled since the survey's predecessor was compiled in 2000.
"While UK businesses are using the internet to become increasingly successful and information driven, the failure to consider increasing threats to information security is costing companies, both large and small, dearly," said Chris Potter, a partner at PricewaterhouseCoopers, which helped compile the results.
But relatively few businesses are investing enough money in protecting themselves from hackers, with only 27 percent of companies spending more than one percent of their total technology budget on security.
This compares fairly well to yesterday's news story on whether PC Advisor readers' security is as lax as the average — you thought not, but our small survey turned up some worrying results.
"Billions of pounds each year [are] lost due to security breaches," said Potter. "The value of this is the equivalent of giving everyone working in a UK company an extra day's holiday each year."
With the average security breach costing firms at least £30,000, and up to £500,000 in cases involving large companies, experts estimate that businesses should be spending a minimum of three percent, a lesson that prevention is better than cure.
Another main problem is that company employees are still the weakest link. Although most businesses understood the importance of the human factor, only 59 percent carried out background checks on new employees.
Worse still, only 28 percent made staff aware of their obligations regarding security issues and, consequently, 16 percent had incurred security breaches as a result of poor staff training.
"Most companies we surveyed expect the number of security incidents to rise over the coming year. Companies need to take action now to translate their commitment to security information into reality," added Potter.
The full survey will be launched to businesses at next week's Infosecurity Europe conference.