Home PageEnter the Online ShopCipher-IT ProductsServicesCipher-IT SolutionsAbout Cipher-ITContact us


Why UK businesses need the ECS IT security solution……

The following details shocking results of the Information Security Breaches Survey (ISBS) released April 2000.  1000 UK businesses were surveyed as commissioned by the DTI.

To summarise…….

The ISBS 2000 shows an illuminating state of information security in the UK market place. The "high profile" security issues, such as viruses and passwords are being addressed; however, there is insufficient awareness of what can be done to combat the more significant risks, particularly those posed by human actions and those arising from doing business electronically.

Often – but not always – information security is seen only as an issue for the IT department, which it clearly isn’t. Good information security management is about organisations understanding the risks and threats they face and the vulnerabilities in their current computer processing facilities. It is about putting in common-sense procedures to minimise the risks and about educating all the employees about their responsibilities.

Most importantly, it is about ensuring that the policy on information security management has the commitment of senior management. It is only when these procedural and management issues have been addressed that organisations can decide on what security technologies they need.

Read on for a look into the shocking state of IT security among UK businesses….

  • 60% of organisations have suffered a security breach in the last 2 years.
  • Over 30% of organisations do not recognise that any of their business information is either sensitive or critical and therefore a business asset.
  • Of those organisations that have critical or sensitive information, 43% had suffered an "extremely serious" or "very serious" breach and a further 20% had suffered a "moderately serious" breach in the last 2 years, which they consider to be serious.
  • 1 in 3 businesses are either already buying or selling over the Internet, or intend to start in the near future.
  • Only one in seven organisations have a formal information management security policy in place.
  • Only 37% of organisations interviewed have undertaken a risk assessment where a systematic approach is taken to assess the security risks faced by the organisation.
  • Some good practices are being implemented and adhered to by 83% of the organisations interviewed – e.g. virus protection and password controls.
  • 40% of companies reporting security breaches were due to operator or user error, reinforcing the fact that information security cannot simply be solved by technology alone.
  • Nearly three quarters of organisations that suffered a breach, which they regarded to be serious, had no contingency plan in place to deal with it.
  • More than half of the organisations, which have suffered a breach, that they considered to be their most serious, do not believe that there is anything they could have done to prevent the breaches they have suffered.
  • Organisations where responsibility for information security rests at board level are also those most likely to have formal policies in place. The presence of a formal policy is one of the most important issues in reporting and resolving security breaches.

Very few organisations were able (or prepared) to report the business implications of the security breaches they had suffered – but those that were, indicated that the cost of a single breach could be in excess of £100,000.

Back to top

Please feel free to email us - support@cipher-it.co.uk

Images and content are copyright to Cipher-IT Ltd

Site designed by Cipher-IT Ltd