BRITISH firms could face a wave of costly litigation because of poor computer and customer data security, according to a new survey.
Businesses believe it is a question of ‘not if but when’ they will be dragged into court because of lost or damaged data arising from hacking, fraud, viruses and human blunders. The fears are published in the report Risky Business: UK Industry and Data Integrity based on interviews with data security managers from some of the UK’s top business organisations.
It finds firms are braced for a surge of legal claims either privacy related suits from individuals, or damages claims from companies suffering from computer viruses inadvertently sent via email from other companies’ systems.
‘We believe there are companies out there who could find themselves legally liable because of what they haven’t done in terms of data security,’ said Jeremy Beale, head of the CBI’s E-Business Group.
‘I would say we are all waiting for the first legal action to kick off,’ says Kat Maben, principal security consultant for the telecoms group Avaya. ‘I think it is going to be inevitable.’
In 2004, one in 16 emails contained a virus, according to research by Messagelabs. Three of the most virulent viruses, Code Red, Love Letter and Klez were responsible for a global cost of $20.4bn (£10.8bn).
‘People are now aware of viruses because they can see them in their email,’ said John Holland, CyberTrust’s European director.
‘There are criminals trying to get into their computers so there is a greater awareness. When that is coupled with worry over legislation in the boardroom, people have to be seen to be doing things.
‘With more people using the internet for phone communications, any failure of computer security is instantly visible. I know of one large company which had to use its mobile phones recently because its phone lines went down when its computers were attacked.’
The report also found strong demand among some business groups for the development of a third-party certification system for computer security, similar to the credit ratings used to assess top companies.
‘A de facto and industry supported third party…would be very attractive,’ wrote John Meakin, head of security at Standard Chartered bank, in the report. ‘In a global market, anything that speeds up decision-making would be interesting.’
Published London Evening Standard, 7th of January, 2005 and Computing Newspaper