§ The Earl of Northeskasked Her Majesty's Government:
What plans they have to address the problem that half of companies and four out of five large businesses fell victim over the past year to viruses, hacking attacks, fraud and other information security breaches, compared with fewer than one in five in 1998. [HL3950]
164WA
§ The Parliamentary Under-Secretary of State Department of Trade and Industry (Lord Sainsbury of Turville)Business must be responsible for taking appropriate measures to minimise the risk of disruption or damage arising from information security breaches. Government can and do help in specific ways. The Cabinet Office is taking the lead on ensuring that the Government's own services and systems are suitably protected and work in partnership with the private sector to develop solutions that work with the grain of the market. The Home Office has established NISCC (National Infrastructure Security Coordination Centre) to work with the owners of the critical systems in government and the private sector to ensure their resilience. The DTI has for many years sought to increase awareness of information security as an important business enabler. In the past two weeks we have released the latest in our series of surveys on information security. These surveys help government, businesses and suppliers assess the response to the challenge of information security. The DTI has also been involved in the development of best practice and works in partnership with business on several projects to promote best practice. To this end, it is embarking on a new project to better take the message to SMEs through the UK Online for Business programme.
§ The Earl of Northeskasked Her Majesty's Government:
Whether they collect data on the average cost to companies of an Internet security breach; and if so, what was that average as of 1 April 2002. [HL3955]
§ Lord Sainsbury of TurvilleThe DTI works with business to produce a biennial survey of information security breaches, the latest of which was published on 23 April 2002. The survey is intended to raise awareness of the importance of effective information security management. The 2002 survey did not set out to survey or measure the average costs of Internet security breaches but surveyed the costs of all forms of information security breach. Based on the information gathered, the figures indicated that serious security incidents cost on average some £30,000 per incident in 2001.