Information security practice is failing to keep pace with the growth in Ecommerce, according to KPMG.
In a survey of over 1,000 companies with turnover of more than #10 million, information risk management specialist KPMG found that Ecommerce is the biggest issue effecting information security at the moment, yet 58% of companies have no procedures governing use of the Internet. Three quarters have not even tested the security of their Internet sites.
"Ecommerce is one of the fastest growing areas in IT, but industry will not see the benefit of it unless it is secure," warned Michael Bacon, director of information security services for KPMG.
Yet the low-level of reported security breaches meant that the extent of the threat is very difficult to assess, Bacon continued. Companies are often reluctant to admit to breaches when they occur. He added that companies have become too compartmentalised over information security.
"The techies are not telling their managers what the problems are in terms which they can understand," he explained.
Only 54% of employees reported security incidents upward, and although 40% of companies have suffered from security breaches, only 55% took action against the offenders, the KPMG survey found.
Fear of damaging company credibility is the biggest reason for not reporting breaches of security, according to Nigel Miller, IT and cyber law partner with solicitors Fox Williams. "By reporting incidents, firms draw attention to their lack of security. Banks and financial institutions like people to believe it is 100%. I believe this is an underestimated area," said Miller.
"Companies are reluctant to take action because hackers can be smart people, and Scotland Yard only has limited resources. The police are not interested in computer crime involving sums less than #2 million."
Bacon said the law surrounding Ecommerce does not provide sufficient protection on its own. "The law is ambiguous in this area," he explained.
"I do not want to see a high-profile case fail because of inadequacies in the law. Companies could find themselves exposed because the law does not keep up with technology."
EE, O2, Vodafone, Three and Airspan open the bidding
Worried about data privacy? Here are several ways to secure your Facebook account
The ICO is seeking an urgent warrant to investigate a major data breach - everything you need to know as the story continues to unfold