UK businesses are failing to protect their customers' personal information, a survey from the Department of Trade and Industry has revealed.
Increasing levels of online business make data protection critical
With increasing amounts of business being conducted online, data protection is ever more important, the DTI said.
While most large organisations have adopted best practices regarding network and data protection, small companies have not.
Fewer than a third of them encrypted the data they received.
Financial data exposed
Data protection has become one of the biggest causes of greater IT spending in recent years.
"While adoption of traditional security controls such as firewalls is high, often newer technologies are being adopted faster than the control to protect against their misuse," said the report.
The number of companies reporting an attack on their internet or telecommunications traffic has risen, with over one quarter of those affected saying they witnessed one attempt a day.
The businesses attacked are more likely to be those that accept financial transactions online, even though they have firewall protection.
Andrew Beard, a director at PricewaterhouseCoopers, which led the survey, said: "Somewhat worryingly the attacks on websites are rising and half of the attacks reported by respondents were described as serious."
Of those accepting financial transactions, less than two thirds encrypted the data they receive.
And of the companies that have implemented Voice over Internet protocol (VOIP), half did so without taking into account the security implications.
The phone-based survey consulted 1,000 companies.