Half of all UK companies suffered disruption to business as a result of viruses and denial of service attacks last year. That's the not very surprising finding of a new, government-sponsored report compiled for the Department of Trade and Industry (DTI).
This compares with an infection and attack rate of 16 percent in 2000, and 41 percent in 2002.
Yet alarmingly, the PricewaterhouseCoopers-led “Information Security Breaches Survey” found that this seems to be happening despite safeguards such as anti-virus software, used by 93 percent of the 1,000 companies surveyed.
Surprisingly, size doesn’t appear to be much defence either - 68 percent of the largest companies were infected during the year despite this sector also being the most enthusiastic user of anti-virus systems.
How much real damage these viruses and DoS attacks are doing is harder to gauge. The report defines disruption as “from less than a day’s disruption and no cost, to major disruption to services for a month or more”, which may come to be seen, in future years, as getting off lightly.
Meanwhile, companies may simply have acclimatised themselves to experiencing disruption, preferring to manage the problem on a case-by-case basis rather than do what the security industry would love them to do - invest in yet more security.
The report comes to some stark conclusions about the ability of anti-virus software, on its own, to protect against rapidly-unfolding threats such as Blaster, which was able to infect 100,000 systems per hour.
It suggests that patch management and vulnerability assessment systems will become ever more critical, and this points towards large companies, in particular, having to spend more of their budgets on security information services, whether they like it or not.
Expect more doom and gloom when the next survey is carried out.
The full results of the Survey will be launched at InfoSecurity Europe in London, 27-29 April.