Information Security - DBERR publishes results of 2008 survey of breaches

Written by Ian Congreave - Filed under: Information Security on May 12th, 2008

Hi! If you're new here, you might want to register for free email updates. Just use the form at the top of the sidebar. Thanks for visiting The Payroll Blog!

UK flagThe Information Security Breaches Survey is published bi-annually by the DBERR and PricewaterhouseCoopers plc. The results of the 2008 survey have been published and show, among other things, that most businesses are now investing in security defences and that information security breaches are causing less disruption to companies’ operations than two years ago. In the past six years, the number of businesses that have published security policies to their staff and provide on-going security awareness training has doubled. However, only 11% of businesses have implemented the sensible British Standard on Information Security Management and 79% are not aware of its contents.

The Executive Summary points out several areas of concern that businesses still need to address, namely:

  • 10% of websites that accept payment details do not encrypt them
  • 21% spend less than 1% of their IT budget on information security
  • 35% have no controls over staff use of Instant Messaging
  • 48% of disaster recovery plans have not been tested in the last year
  • 52% do not carry out any formal security risk assessment
  • 67% do nothing to prevent confidential data leaving on USB sticks, etc.
  • 78% of companies that had computers stolen did not encrypt hard discs
  • 84% of companies do not scan outgoing email for confidential data.

Five recommendations for all businesses are provided:

  1. Understand the security threats you face, by drawing on the right knowledge sources.
  2. Use risk assessment to target your security investment at the most beneficial areas.
  3. Integrate security into normal business behaviour, through clear policy and staff education.
  4. Deploy integrated technical controls and keep them up to date.
  5. Respond quickly and effectively to breaches, e.g. by planning ahead for contingencies.

Further information:

2008 information security breaches survey: executive summary
2008 information security breaches survey: technical report

The UK Payroll News is sponsored by HRD & Payroll Solutions


Written by Ian Congreave - Payroll writer and lecturer


Filed under: Information Security on May 12th, 2008

Related posts you may enjoy:

  • Guernsey: Social Security contribution rates for 2009 - Proposed change to upper earnings limit
  • Data Protection - HMRC and MOD data security breaches
  • Guernsey: Taxation of Benefits-in-Kind - Proposals to tax benefits through ETI

    • Leave a Reply

    « Tax Relief for Employment Expenses - Form P87 for 2007/08 now available Discipline and Grievances - Draft code of practice issued by Acas »