Most businesses are not doing enough to secure their networks against identity fraud, a UK government survey says.
Identity thieves can work inside companies
Growing numbers of firms are using strong authentication to restrict unauthorised access, according to the Department of Trade and Industry.
But large companies still recorded a small increase in identity-related security breaches during 2005.
The DTI is urging firms to install multi-layered security systems and not to rely entirely on password access.
According to the survey, carried out for the DTI by PriceWaterhouseCoopers (PWC), there was a significant rise in the use of hardware tokens or digital security certificates during 2005.
This was credited with stemming previous increases in identity-related fraud.
However, 80% of companies still rely on passwords alone as a security measure, the report says.
Staff at 18% of large UK firms gained unauthorised access to information during 2005, the report says. Nine per cent of those large firms saw staff misuse restricted information.
Fraud remains rare, the report suggests, but potentially very damaging for businesses, both in financial and prestige terms.
In one incident, a large bank suffered losses totalling several million pounds because of security breaches leading to fraud.
"Identity theft and phishing are on the increase, particularly in financial services and telecoms providers," said Andrew Beard of PriceWaterhouseCoopers.
"It is all the more important therefore that companies adopt an integrated approach to identity and access management.
"At the moment regulatory compliance is the key driver of security expenditure rather than the business opportunities to be derived from it."
PWC interviewed 1,000 respondents for the survey, which will be released in full at the Infosecurity Europe conference in London in April.