U.K. businesses are failing to adopt the security controls needed to protect customers' information, according to the 2006 Department of Trade and Industry's biennial Information Security Breaches Survey.
The survey showed that increasing volumes of business being conducted online have raised the priority given to protecting customer data. Most large organizations appear to have adopted best practices regarding network and data security, and 78 percent of those who accept financial transactions now encrypt the data they receive.
However, smaller firms are less likely to provide such protection; less than a third encrypted the data they receive.
Nine-tenths of respondents recognized that protecting customer information was important or very important and a strong justification for security expenditures.
While adoption of traditional security controls, such as firewalls, is high, newer technologies are being adopted faster than controls to protect against their misuse. Protection of wireless networks has improved since 2004, but many small firms are still not adopting strong controls.
Firms are not considering the security implications of adopting Voice over Internet Protocol telephony (VoIP), according to the survey. Despite widespread publicity, only half have evaluated the security risks of VoIP.
According to telephone survey of 1,000 companies, there was a rise in the number of companies reporting an attack on their internet or telecommunications traffic. Over a quarter of those affected by attempts to break into their networks said they suffered at least one significant attempt every day.
The businesses attacked tended to be those that accept financial transactions online.
The research was conducted by a consortium led by PricewaterhouseCoopers LLP. The full results of the survey will be revealed at Infosecurity Europe in London, April 25 to 27.
Andrew Beard, a director from PricewaterhouseCoopers LLP leading the survey, said: "It is encouraging that companies recognize the value of secure e-commerce to their business, however, some still have work to do to put secure controls in place to satisfy their customers. Somewhat worryingly, the number of attacks on websites is rising, and half of the attacks reported by respondents were described as serious."
"Clearly it is important that companies review the controls they have in place to ensure sensitive information is protected and encrypted. As more and more businesses adopt VoIP technology, it is imperative that they also consider the risks associated with this new technology and don't leave anything to chance," he added.
