U.K. businesses lack understanding of threats they face

Published 20 October 2008

U.K. companies invest billions in software for intrusion detection, encryption, and identity management, but are still struggling with basic security processes

Lapses in information security among U.K. businesses are still poorly recorded and understood, reflecting a lack of understanding of the threat level that organizations face, according to the PricewaterhouseCoopers annual Global State of Information Security Survey 2008. The survey polled 7,000 IT executives from 119 countries (more than 300 from the United Kingdom) across all industries on the challenges of protecting corporate information assets.

Although organizations continue to invest heavily in security tools such as software for intrusion detection, encryption, and identity management, they are still struggling with their security processes, the study shows. Most U.K. companies in the sample did not know where their data was located, 37 percent were not sure how many incidents they had suffered, and more than half could not say what type of security incidents had occurred or what had caused them. Some 30 percent of companies had neither measured nor reviewed the effectiveness of their information security policies over the past year.

Confidence about the effectiveness of their organization’s information security activities was also low among the U.K. executives polled. Fewer than one in three said they were very confident that their information security was effective. Fewer than one in four felt very confident about the effectiveness of their suppliers’ or business partners’ security. The latter is perhaps not a surprising finding given the recent problems that some organizations have encountered over security lapses when third parties have handled their data, said PwC.

William Beer, director in the information security group of PwC, said, “There appears to be an overall misalignment with executive management’s view of security, causing many organizations to fail to capture the full value from their spending in this area. Information has become the new currency of business. Its availability, integrity and confidentiality are crucial components of a collaborative business.”