Lax e-security hinders dotcom funding

Inadequate security systems and management may lead to companies being blacklisted by City investors, according to a survey published this week.

The report, called A Risk Too Far and commissioned by internet service provider Vistorm, shows that while 26 per cent of managers demonstrate high levels of IT literacy, the majority don't understand how IT security can affect business performance.

As a result, some companies may be missing out on investment because they are being incorrectly identified as an above average risk.

Pension funds may also be missing out for the same reason. Fund managers wrongly regard dotcoms and financial services as being at greater risk from computer security breaches, the report said.

Ian McKenzie, managing director of managed internet services at Vistorm, said: "No particular business sector is more at risk than any other. But if e-security isn't given attention at director level, there will be enough high-profile security breaches to damage the development of ebusiness in this country."

Three key reasons were given for fund managers' views: a lack of verifiable information; a generally poor understanding of who is at risk and why; and a focus on assessment criteria that do not measure the impact of future market changes.

The report's recommendations include:

• Adopting recognised frameworks such as BS7799 (soon to be ISO 17799) as a basis for a comprehensive security procedure.
• Ensuring that IT security is tackled as a business, and not simply as an IT challenge.
• Using external audits to validate the robustness of IT security solutions on a regular basis.

Chris Ferrant, e-product manager responsible for the BS7799 security standard at the British Standards Institute, said: "Security needs to be considered in relation to the value of its importance as an asset to the company. The technological solutions offered by the IT industry will only be successful if used within a managed environment."

The report follows on from research carried out by Network Associates - which ironically had two of its websites hacked this week - which called for chief executives to take responsibility for e-security.

Vistorm's research has now received the backing of both Certus, the association of IT directors, and the Computer Services and Software Association (CSSA).

John Higgins, director general at the CSSA, said: "The 26 per cent of fund managers who see IT security as a pervasive issue have got it right. Now, the IT industry must work together to get the other 74 per cent to see it the same way - otherwise the only Christmas cards we will receive this year will come with their own virus."

Blue chip companies that have suffered attacks which have made headlines this year include:

Microsoft, HSBC, Barclays, Powergen, Woolworth's, Credit Suisse, Safeway, Visa and Bloomberg.