A government IT security survey out next week has been criticised by users for hyping up the number of security breaches, and being used as a vendor-sponsored bandwagon to push products.
The Department of Trade and Industry's biennial Information Security Breaches Survey 2002 found that four out of five large companies fell victim to viruses, hackers, fraud and other security breaches last year.
This compares to just a quarter in 2000 and less than one in five in 1998.
A lack of investment in security is the key problem, according to consultant PricewaterhouseCoopers (PwC) which led the survey.
It found that just a quarter of users spend more than one per cent of their IT budget on security. Three to five per cent is claimed to be the correct level, rising to 10 per cent for financial services firms.
Chris Potter, a partner at PwC, warned that users are losing "billions of pounds" and should spend more on security.
"The average cost of a breach is £30,000 and several of the companies we spoke to told us about incidents that had cost them more than £500,000. Companies need to take action now to translate their commitment to information security into reality," he said.
But users have hit out at the survey's dependence on security consultants and vendors. Over 1,000 users were quizzed between October 2001 and January 2002, with a consortium of security vendors including RSA, Symantec and Genuity helping to put the results together.
David Rippon, chairman of the Elite user group, said: "There is a downturn in the market for security products.
"Whether you spend enough is subjective and the level reported is very low. I haven't had [a breach] for over a year but that doesn't mean I'm complacent."
David Roberts, chief executive of blue chip user group The Infrastructure Forum, explained that security remained the top priority for IT directors and that many of the problems lie with the products.
"Large organisations know exactly what's going on and it's an absolute top priority and has been for many years. It is more likely an immaturity in security products, and standards is undoubtedly an issue," he said.
The report also found that only a quarter of businesses have a security policy in place, despite three-quarters acknowledging that they hold sensitive and critical information.
The full version of the report will be released at the annual Infosec security show in London next week.
Found by calculating the strength of the material deep inside the crust of neutron stars
Can highlight in real-time the relevant regions of an image being described
Double legal trouble for Musk as he also faces civil lawsuit over renewed British pot-holer 'paedo' claims
Battery development could help boost performance of smartphones