PricewaterhouseCoopers has launched the latest government-sponsored survey of information security breaches. The DTI Information Security Breaches Survey 2004, like its predecessors, will be the most authoritative source on the state of information security in the UK. The survey’s findings will be published in April 2004 at the Infosecurity Europe Exhibition in London.
The survey forms an important part of the Department of Trade and Industry’s work with British industry to understand the impact of information security breaches. It aims to raise awareness of the importance of information security management among UK companies and public sector organisations.
Microsoft and Computer Associates are lead sponsors for the survey, with input from the National Hi-Tech Crime Unit, Royal Holloway, University of London and the Information Assurance Advisory Council.
The survey involves telephone interviews with 1,000 businesses of all sizes across all areas of the UK, plus a series of face-to-face interviews.
Chris Potter, the PricewaterhouseCoopers partner leading the survey, said:
“In the two years since the last survey was conducted, UK businesses have suffered from an increasing array of security threats. Most are now connected to the Internet, and many are finding out about viruses and spam the hard way. New technologies, such as hand-held computers and wireless networks, are becoming more widespread, often in organisations that don’t understand the risks inherent in their use or how to mitigate those risks. And, perpetrators of economic crime are increasingly using computers to carry out their frauds and thefts.
“The overall economic environment has resulted in little appetite for huge investments in security technology of the kind we saw in the late 1990s. So, the challenge for many companies has been making sure the money they devote to information security is targeted at the most important threats.”
Mr Potter added:
“Most UK businesses struggle with how to demonstrate return on investment from security expenditure, and most estimates of the damages caused by security incidents are superficial. One of our key aims for this survey is to arm senior management with the information they need to tackle these issues in a commercial way.”
Geoff Smith, head of the DTI’s information security policy team, commented:
“Over the last decade, this survey has formed an integral part of our programme to help UK businesses address the issue of information security and manage their information security processes more effectively. We were very pleased with how PricewaterhouseCoopers conducted the 2002 survey process and are delighted to be working with them again in 2004.
“As last time, the 2004 survey will feature trend analysis on incidents and practices, showing how threats and defences are evolving in the changing business environment. Equally important is the focus in this survey on emerging issues such as spam, PDAs and wireless networks. I’m confident that the survey will help UK businesses make sensible decisions on how best to deal with their information security risks and remain competitive in today’s challenging business environment.”
The executive summary and full results from the 2002 survey, can be found on the dedicated website www.security-survey.gov.uk