Two-thirds of IT managers unaware of Government sponsored standard
A new survey by Idetica, a leading independent IT consultancy, shows that most large UK companies are unaware of best practice approaches to managing the security of their online IT systems and business assets. This is despite estimates that the global cost of security breaches is over $15 billion a year (Source: Datamonitor). The survey of IT Managers at FTSE 500 companiesi shows that, although 91% of firms have invested, or are planning to invest in online security technologies, only 34% are aware of the UK Government sponsored British Standard (BS) 7799 Code of Practice for Information Security Management.
Compounding the low awareness problem, the survey also highlights that few companies are planning to adopt BS7799 – only 16% of IT managers stated they had plans to become compliant with the standard. BS7799 specifies best practice approaches to the policy and procedural aspects of IT security which are critical to making security technologies work and maintaining protection against attack. A mere 10% of companies indicated they were already accredited with the standard.
“The key to effective online security is combining security technology with a rigorous procedural approach to back it up,” said Martin Sutherland, head of security consulting at Idetica. “Companies developing home-grown procedures which don’t follow a strong code of practice are vulnerable to attack – this lax approach is undermining the credibility of eBusiness and damaging customer confidence.”
More encouraging news from the survey was that although unaware of BS7799, the vast majority of those surveyed acknowledge the importance of backing up security technology with security procedures – 87% said they followed some kind of formal security business processes. Few could however specify what these processes included – only 50% of the sample could state without prompting that they deployed an anti-virus policy, only 44% said they had considered business continuity planning and a mere 34% said they had considered the legal liabilities resulting from security breaches.
The survey also highlighted the general industry concern over the threat posed to online business by malicious attack – just over two thirds of the sample agreed that security threats are actually hampering the growth of eCommerce. However, the majority was optimistic about the future. 80% agreed with the statement that “eCommerce will be more secure in 2 years time”.
UK-based Idetica is an independent IT consulting company that helps its clients identify, attract and retain profitable customers. Working for some of the UK’s largest companies, Idetica is an expert in the application of customer relationship management (CRM) and related eBusi ness technologies to gain insight into customer preferences, open new on-line customer channels and create a compelling customer experience.