BBC NEWS Americas Africa Europe Middle East South Asia Asia Pacific Arabic Spanish Russian Chinese Welsh

 You are in:  Sci/Tech
Front Page 
UK Politics 
Talking Point 
In Depth 

Commonwealth Games 2002

BBC Sport

BBC Weather

Tuesday, 16 April, 2002, 08:09 GMT 09:09 UK
Web attacks on the rise
Businesses increasingly under attack
Companies urged to do more to keep out cyber-vandals
Computer vandals, malicious hackers and virus writers are besieging British businesses.

A government survey has found that the number of times cyber criminals have broken through the defences of businesses has doubled in 12 months.

Despite the escalating threat from such web-based security problems, the survey found that businesses are not spending or doing enough to protect themselves from harm.

The report puts the average cost of each serious security breach at 30,000. The most serious incidents could cost up to 500,000 to fix and take days to repair the damage.

Damage assessment

The 2002 DTI Information Security Breaches survey found that 44% of all businesses questioned had suffered a malicious security incident or breach in 2001, almost double the 24% who reported suffering breaches in 2000.

Survey statistics
25%: Businesses with a security policy
44%: Companies suffering security breach
30%:-Organisations measuring return on security spending
28%: Businesses that give staff security training
53%: Check whether technology change introduces vulnerabilities
When only large businesses are counted, 78% of these report falling victim to some kind of electronic attack, be it a virus infection, hacking attempt, denial of service attack, website defacement or fraud.

"Businesses with a website connection or an internet gateway are almost perpetually under attack," said Chris Potter, partner at PricewaterhouseCoopers, which helped analyse the survey results.

Unlike many other surveys, the DTI report only counts an incident as such if it succeeds in causing damage.

The survey also found that, despite the growing number and sophistication of attacks, many businesses were not spending nearly enough cash to protect themselves.

Security investment

Only 27% of those questioned are spending more than 1% of their total technology budget on security.

Experts estimate that businesses should be spending 3-5% as a minimum and perhaps as much as 10% in high-risk areas such as financial services.

Mr Potter said many businesses saw security as an overhead rather than an investment. Even worse, he said, very few companies measured whether the money they spent on improving security had the desired effect.

"There's a lot of fire-fighting expenditure," he said, "so when there is an incident they fork out protecting themselves so it doesn't happen again rather than think about the level of spending they should be making."

Mr Potter said that one of the big changes since the 2000 survey was the neglect of staff training.

"Where people are spending money on security it seems to be around technology," he said. "They take a fairly narrow information technology view of security rather than as a part of a strategy to embed a security culture within an organisation."

Fewer organisations are now telling employees about responsible use of e-mail, the web and passwords.

Even fewer were educating support staff to spot and deal with malicious hackers that try to trick them into revealing key information about a company's computer systems.

But Mr Potter said the news from the survey was not all bad.

The number of incidents over the 12 months covered by the survey had made many organisations realise how important it was to protect themselves against attack, he said.

The full report will be published at the Infosecurity show being held at London's Olympia from 23-25 April.

See also:

31 Jan 01 | Sci/Tech
Major net security holes identified
31 Jul 01 | Sci/Tech
Hackers to the honey
11 Apr 00 | Scotland
Hacker attacks warning
08 Mar 02 | Sci/Tech
Hacking with a Pringles tube
26 Mar 02 | Sci/Tech
Wireless London is wide open
22 May 01 | Sci/Tech
Cheese beats crackers
12 Apr 02 | Sci/Tech
Snapshot shows net under attack
Internet links:

The BBC is not responsible for the content of external internet sites

Links to more Sci/Tech stories are at the foot of the page.

E-mail this story to a friend

Links to more Sci/Tech stories