A government IT security survey out next week has been criticised by users for hyping up the number of security breaches and for being used as a vendor-sponsored bandwagon to push products.
The Department of Trade and Industry's biennial Information Security Breaches Survey 2002 found that four out of five large companies fell victim to viruses, hackers, fraud and other security breaches last year.
This compares to just a quarter in 2000 and less than one in five in 1998.
A lack of investment in security is the key problem, according to consultant PricewaterhouseCoopers (PwC), which led the survey.
It found that just a quarter of users spend more than one per cent of their IT budget on security. Three to five per cent is claimed to be the correct level, rising to 10 per cent for financial services firms.
Chris Potter, a partner at PwC, warned that users are losing "billions of pounds" and should spend more on security.
"The average cost of a breach is £30,000 and several of the companies we spoke to told us about incidents that had cost them more than £500,000. Companies need to take action now to translate their commitment to information security into reality," he said.
But users have hit out at the survey's dependence on security consultants and vendors. Over 1,000 users were quizzed between October 2001 and January 2002, with a consortium of security vendors including RSA, Symantec and Genuity helping to put the results together.
David Rippon, chairman of the Elite user group, said: "There is a downturn in the market for security products.
"Whether you spend enough is subjective and the level reported is very low. I haven't had [a breach] for over a year but that doesn't mean I'm complacent."
David Roberts, chief executive of blue chip user group The Infrastructure Forum, explained that security remained the top priority for IT directors and that many of the problems lie with the products.
"Large organisations know exactly what's going on and it's an absolute top priority and has been for many years. It is more likely an immaturity in security products, and standards is undoubtedly an issue," he said.
The report also found that only a quarter of businesses have a security policy in place, despite three-quarters acknowledging that they hold sensitive and critical information.
The full version of the report will be released at the annual Infosec security show in London next week.