Search for:

Jump straight to:

An unexpected error has occurred

Please enter a search term

Please select

What sectors are you interested in?

We can use your selection to show you more of the content that you’re interested in.

Want to speak to an advisor from your closest office?

Find other offices

Search for:

An unexpected error has occurred

Please enter a search term

Out-Law / Your Daily Need-To-Know

Out-Law News 1 min. read

PwC survey finds lack of information security in UK business

16 Apr 2002, 12:00 am

Lack of investment in security systems is allowing companies in the UK to fall victim to increasing security breaches, according to a study carried out by PricewaterhouseCoopers on behalf of the Department of Trade and Industry.

PwC found that the average cost of each serious breach is £30,000, and several companies reported incidents costing them more than £500,000.

The survey, which claims to be the most comprehensive survey on information security in the UK to date, was conducted by PwC, the world’s largest professional services organisation, in conjunction with RSA Security, Symantec, Genuity and Countrywide Porter Novelli.

It shows that three-quarters of UK businesses believe that they hold sensitive or critical information, but only one-quarter have a security policy in place to protect it. Three-quarters of UK businesses identified information security as a high priority for senior management (compared to half in 2000). However, PwC found a clear disconnect between this and actual practice.

The number of UK businesses that have suffered a malicious security incident since 2000 has almost doubled. Half of companies (four out of five large businesses) fell victim over the past year to viruses, hacking attacks, fraud, and other information security breaches, compared to one quarter in 2000 and less than one in five in 1998.

The survey also shows that UK businesses are not spending anywhere near enough to protect the business that they are doing on-line. Only one quarter spend more than 1% of their IT budget on security. According to PwC, 3-5% is acknowledged as the minimum reasonable level, rising to an average of 10% in high risk sectors such as financial services.

The main reason for the lack of investment in security measures appears to be a failure to recognise the economic return. Less than one third of businesses ever evaluate the return on investment on their security expenditure.

The 2002 DTI Information Security Breaches Survey was commissioned to encourage the boards of UK businesses to take effective action to protect their competitiveness and profitability. The survey was conducted between October 2001 and January 2002 and involved 1,000 telephone interviews, 100 face to face interviews and answers to an on-line questionnaire. The full results of this sixth, biennial survey will be published at Infosecurity Europe 2002, a London event, on 23 April.

A four-page executive summary of the 2002 survey and the detailed technical report of the 2000 survey are available at www.security-survey.gov.uk

Latest News

Ban on foreign investment in Australian real estate unlikely to increase housing affordability

Qatar ‘multiple wallets’ announcement demonstrates focus on strengthening mobile payment sector

Saudi Central Bank introduces new principles for internal auditing and compliance

Drafting commercial contracts: the basics and the principles

Selling in the UK as an overseas business

You might also like

Out-Law Guide

Image rights in Ireland

People are becoming increasingly aware of the risks of unauthorised use of their name, image or likeness online and the importance of being able to manage such use, especially in relation to social media and artificial intelligence (AI).

Intellectual Property

Out-Law Guide

Operational real estate: an introduction to management agreements

Real estate investors are seeking to diversify returns from their property portfolio by operating them. Returns can be boosted where returns are directly linked to the revenues and profits of well-run businesses conducted on or from the premises. This operational real estate model may be an attractive alternative to traditional lease arrangements for some real estate businesses.

Real Estate

Out-Law Guide

Human rights of businesses in the UK

While it is often assumed that human rights are reserved for human beings, companies are legal persons having rights in law and do enjoy the protections afforded by human rights legislation.

Public & administrative law

Trending topics across the site:

Out-Law News

UK government plans to revamp holiday pay calculation for part-year workers

Show me more

Out-Law Analysis

Pensions disputes: managing member expectations paramount

Show me more

Out-Law Analysis

UK subsidy control post-Brexit: access to effective judicial remedies

Show me more

Out-Law News

'Steps of court' settlement was not negligent, court rules

Show me more

Out-Law News

'Vast majority' of companies not seeking to avoid tax

Show me more

Out-Law News

'World first' industrial decarbonisation strategy developed in the UK

Show me more

Out-Law Analysis

3D printing: UK product safety issues

Show me more

Out-Law News

5G potential for business highlighted in UK funding programme

Show me more
We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.