The World Wide Web is lauded for its ability to deliver instant communications and connectivity. However, the web’s speed and convenience brings with it the threat of both targeted and indiscriminate malicious attacks.

The DTI Information Security Breaches Survey 2004 (ISBS) is the UK's leading source of information on security incidents suffered by businesses, both large and small.

One of the most surprising statistics to emerge from this year’s DTI survey is that 7% of UK organizations are yet to implement any form of anti-virus software. Almost equally disconcerting is the fact that 41% of businesses do not immediately update their anti-virus software when a new virus signature is identified.

ISBS illuminates the ever-present danger of viruses, unauthorized access, systems misuse, fraud and theft. With 90% of UK computer users frequently sending emails and browsing the web as a normal part of their working day, this increased connectivity to ‘the outside world’ is also attracting a deluge of unsolicited email or spam that is undermining the efficiencies of electronic communication. Two-thirds of large companies with sophisticated IT security systems admitted that their defenses were breached by an email-borne virus at least once in the last year.


The average UK business experiences at least one ‘security incident’ per month, and for larger companies, the figure is closer to one incident per week. Perhaps, for the 7% with their heads still buried in the sand, ignorance is bliss as most have no idea how susceptible they are, and how many attacks they fall victim to - until they consider the monetary cost.

For a medium-sized business, the average cost of each security incident is £10,000, which is mainly attributed to systems downtime and lost productivity. However, the figure escalates with the size of the organization, with larger firms reporting an average cost of around £120,000 per incident. As central and local government organizations upgrade IT infrastructure to improve inter-departmental collaboration and government-to-customer communication, the risk of exposure to viruses and malicious attack grows.

A few years ago, there were very clear lines of distinction between the private and public domain. Generally, organisations would post a website populated with innocuous content as a two-dimensional electronic façade to the outside world. However, electronic ‘brochureware’ is being replaced by sophisticated, interactive websites that deliver a more personalized online experience to visitors.