Workers misusing the Internet cause the most security incidentsafter viruses in large U.K. companies, a new government-sponsoredstudy has found.
Two-thirds of large businesses had at least one online misuseincident last year and small companies reported hundreds of e-mailabuses every day, according to the results of the 2006 U.K.Department of Trade and Industry’s biennial Information SecurityBreaches Survey. The survey was conducted in late 2005 byPricewaterhouseCoopers LLP and included 1,000 U.K. companies.
Despite the high levels of abuse uncovered, misuse of the Web atwork seems to have leveled off recently, the study found. In the2002 study, 8 percent of the businesses surveyed reported internalmisuse of the Web. That figure grew to 17 percent in the 2004report and has stayed at that level in the most recent study.
Many of the worst incidents, 41 percent, involved staffaccessing inappropriate Web sites, with the most serious involvingillegal material such as child pornography.
Companies of all sizes seem to be recognizing the potentialdamage that such misuse of the Internet and e-mail can cause. Thestudy found that last year 63 percent of companies surveyed had anacceptable usage policy, compared to 43 percent in the 2004 study.Among large businesses quizzed in the most recent survey, 89percent had an acceptable usage policy.
Still, companies aren’t taking risks seriously enough, accordingto the survey’s authors. Last year, 38 percent of all companiessaid they blocked access to inappropriate Web sites. Among largecompanies that figure is much higher: 74 percent.
The study found that despite the high number of incidents, thecost of such misuse is relatively low compared to other types ofsecurity breaches. Fewer than 10 percent of incidents causedbusiness disruption or direct cash costs, the study found.
Additional results from the study will be released in lateApril.