UK firms treble IT security spend

Government survey unveiled at Infosec reveals UK firms now committing 7 per cent of IT budget to security, up from 2 per cent in 2002

Written by Sam Trendall

CRN, 22 Apr 2008

A survey commissioned by the Department for Business, Enterprise and Regulatory Reform (BERR) has revealed that UK companies are spending three times as much of their IT budget on security as they were six years ago.

The 2008 Information Security Breaches Survey was carried out by a consortium led by professional services company PricewaterhouseCoopers and the results were revealed at the Infosecurity Europe event in London this week. The survey showed that the average UK firm spends 7 per cent of its IT budget on security, compared to 2 per cent in 2002.

During that time the total cost of security breaches to UK firms has fallen 35 per cent, although a quarter of businesses reported a serious security breach in the last two years. The survey demonstrates that companies are becoming more security savvy, demonstrated by the more than 90 per cent that back up critical systems, have implemented spam filters, firewalls, anti-virus and anti-spyware software and have encrypted wireless network transmissions.

55 per cent of firms now have a documented security policy, compared to 27 per cent in 2002, while 40 per cent give their staff ongoing security training, double the amount that were doing so in 2002.

But the survey also reveals many companies have a worryingly lackadaisical approach to other aspects of security. 84 per cent do not check to ascertain whether outgoing email contains confidential information and 78 per cent that had been victims of computer theft did not encrypt hard discs. 72 per cent do nothing to prevent data leaving on portable memory devices, 52 per cent do not carry out a formal security risk assessment and 48 per cent have not tested their disaster recovery plans in the last year.

35 per cent exercise no controls on their staff using instant messaging, 21 per cent spend under one per cent of their IT budget on security and 10 per cent of websites accepting payment details do not encrypt them. Despite the drop in the cost of security breaches to the UK economy, only 17 per cent of businesses expected the numbers of incidents to fall next year.

Parliamentary under secretary of state for BERR Shriti Vadera said: "New technology is a key source of productivity gains, but without adequate investment in security defences these gains can be undermined by IT security breaches. The survey shows increasing understanding by business of the opportunities and threats, but challenges remain."

Chris Potter, partner at PricewaterhouseCoopers, said: "There are still some fundamental contradictions. Some 79 per cent of businesses believe they have a clear understanding of the security risks they face, but only 48 per cent formally assess those risks. Also, 88 per cent are confident that they have caught all significant security breaches, but only 56 per cent have procedures to log and respond to incidents. The survey also shows 71 per cent have procedures to comply with the Data Protection Act, but only 8 per cent encrypt laptop hard drives. Businesses all need to ensure that their defences are sound if they want to continue to enjoy the benefits that technology brings.”

See also:

reader comments

related articles

Security

Infosec 2008 hit by competition

Exhibitor and visitor numbers expected to be up on last year, but major names are looking elsewhere, writes Doug Woodburn 11 Apr 2008

 
Infosec

Infosec: UK firms winning security battle

New survey shows incidence and costs of attacks falling 22 Apr 2008

Updated: IT security survey opens Infosec

Firms could do more to improve security, according to survey on IT breaches 22 Apr 2008

Infosecurity Europe show to focus on data breaches

Annual trade show will see the launch of the annual Information Security Breaches Survey 17 Apr 2008

latest news

Inclarity tools up VARs

Vendor continues channel reinforcement with new partner offerings 23 Jul 2008

ID theft driven by account takeovers

Life assistance firm encourages vigilance as fraudsters move with the times 23 Jul 2008

London is still top card fraud hotspot

Joint research from the 3rd Man and 192business.com looked at over 30 million card transaction in first six months of 2008 23 Jul 2008

More news

poll

Fuel for thought?

Fuel for thought?

Is Ingram right to pass on the rising cost of fuel through a freight charge?

Previous poll results

In The Studio With CRN: Josh Claman, Dell

In an editorial coup for CRN, Josh Claman, vice president of EMEA channels at Dell, talks to CRN TV about the vendor's channel plans

CRN Fight Night bouts are LIVE!

ALL the bouts from CRN's first ever white collar boxing event at The Brewery in Chiswell Street, are now online in their full glory for CRN readers to watch.

More CRN TV

events

CRN Golf Challenge 2008

CRN Channel Golf Challenge 2008

CRN's annual golfing day will this year be held on 16 September at a championship course in East Sussex

CRN Reseller Leadership Forum logo

CRN Reseller Leadership Forum

An exclusive channel conference from CRN, to be held over one action-packed day in September 2008

More Events

Newsletter signup

Sign up for our range of FREE newsletters:

Existing User

Newsletter user login:

Advertisement

White papers

Search white papers

Top categories