Firms spend big on security

UK businesses continue to invest increasing time, money and resources in the issue of securing their network and the wider enterprise perimeter, according to a report from the CBI (Confederation of British Industry) – which also suggests fears of cyber-terrorism are behind much of the spend.

Businesses and government must also forge a more open relationship in order to effect the greatest improvements in the UK cyber-security, according to the report.

Nearly two thirds of companies said they had undergone a strategic overhaul of their IT security arrangements. Impressively, two thirds of companies now have a dedicated chief security officer – and 20 per cent of those are serving on the board.

It was also clear that these were not just cosmetic changes in job titles which companies are making – many are backing this post with serious budget. In the past year the typical sum spent on security across CBI member organisations was in excess of £1m.

Much of that investment appears to be driven by a growing trend toward hype and the fear of terrorism which has wracked much of Western society in recent years. Terrorist attacks and environmental terrorism were among the top concerns, along with time-honoured threats such as hacking and computer viruses.

Simon Perry, VP security strategy at CA, said: "There has not been a single incident of cyber terrorism and there has not even been a single incident to suggest terrorist groups are developing the skills and the systems to commit such crimes."

Perry said many IT managers may be aware that 'anti-terror' measures are a compelling way to secure increased budget which may not be freed up if it is pitched as work-a-day IT budget.

He did, however, advise that scepticism and a level-headed approach to security is still the healthiest approach. "Whenever you see something these days which mentions cyber-terrorism you should probably take it with a sizeable pinch of salt," he added. "If you have in place security to protect you from hackers, virus writers, script kiddies and the very real threats which exist you will, by default, be protected from any attack which might come from a terrorist group. There's nothing to suggest it would be a different kind of attack."

Digby Jones, director general of the CBI, said: "Business Britain understands the meaning of risk and is working hard to calibrate the additional risks posed by security. But the risk assessment process in a business would be much improved if there was greater transparency from government and other key agencies."

"Business needs to have more confidence that it is getting its contingency planning right," he added.

The survey also found that 80 per cent of businesses want to see an increased dedicated police resource cracking down on cyber-crime.

"Companies are determined to protect their staff and ensure that every angle is fully covered but policing has clearly been inadequate in certain areas," said Jones.

One large end user, David Lacey, director of information security at Royal Mail, speaking at Cal-IT in London, said the biggest challenge facing enterprises now is establishing and securing the perimeter – something which has become increasingly difficult as greater mobility has become a 'must-have'.