IT ‘Human Errors’ Pose Significant Risk In £840m Battle To Protect Corporate Data

Dec. 10, 2010 - PRLog -- IT departments pose one of the biggest potential risks to the protection of sensitive company information, according to one of the UK’s leading compliance, internal audit and enterprise fraud prevention experts.

Human errors committed by IT teams have led to many UK businesses, particularly those engaged in the manufacturing, healthcare, financial services and telecommunications (1) sectors, losing confidential corporate data – or resulting in company secrets and Intellectual Property being compromised.

The problem has grown dramatically in recent years and now affects many businesses, costing £840 million – money that is very difficult to recoup (2).

“The very people who are responsible for creating the computer infrastructures that run British businesses, are the same people who are inadvertently causing considerable damage,” commented Angus Stewart, chief executive of e-Solutions.

“These aren’t deliberate acts. Many occur through a loss of concentration – or because IT personnel attempt to complete something they aren’t trained to do.

“What I find very frustrating is everyone understands a key role of any IT department is the effective monitoring of colleagues, thereby ensuring a business is not put at unnecessary risk. But it’s equally important that systems are in place to monitor the IT team. Not many people pencil this into their thinking – and they should.”

The latest research published by the Information Commissioner’s Office (ICO) – the official body set up by the government to investigate data breaches – demonstrates the scale of the current problem. In its paper Security Breaches Reported to the ICO, it was disclosed that up to 36% of all recorded data breaches in 2010, relate to issues that could have been prevented by an alert and vigilant IT team (3).

Among the biggest problems identified by the ICO were:

•         The disclosure of data by error: 254 cases have been investigated by the ICO this year, with private companies (91), the NHS (43) and local government committing most mistakes;

•        The non-secure disposal of data: 23 cases have been looked into – with incidents at the NHS and private companies dominating the ICO investigations;

•         A variety of technical and procedural failures: there have been 83 incidents in 2010, with 33 incidents attributed to the private sector.

“The ICO figures give an insight into the scale of the problem. But so, too, does some analysis compiled in the US, particularly in relation to the monitoring of third party contractors. The US has a significant problem in this regard – and I believe the UK does as well!”

In the US, a recent study published by the Department of Defense, revealed it was stepping up efforts to monitor the services and supplies delivered by contractors as part of the US’s on-going commitments in Iraq and Afghanistan. The reason? It fears a significant amount of the $800 billion budget allocated to the two countries is being misappropriated – and the existing IT systems and personnel are not flagging the scale of the problem.

Added Angus Stewart: “In my opinion, these kind of situations and problems shouldn’t occur in the first place.

“There are inexpensive solutions available to all private and public bodies that manage IT systems in real time – and immediately alert the right people in an organisation when someone is doing something that doesn’t tally with is, or is outside of their remit.

FOR MORE INFORMATION, PLEASE CONTACT:

Tony Yorke, media adviser, e-Solutions
Mobile: 07879 658888. Email: tony.yorke@e-solutions.uk.com

Angus Stewart, chief executive, e-Solutions
Mobile: 07967 593341. Email: angus.stewart@e-solutions.uk.com

1.       Sectors most at risk were identified in research conducted by Observe IT, one of the world’s developers of People Auditing solutions for industry

2.       The total loss attributable to avoidable system failures in UK plc amounted to £1.5 billion in 2010. Of this figure, 56% – or £840m – relates specifically to avoidable issues that could have been better managed by IT teams with affected organisations.  All figures quoted are supplied by the National Office for Statistics and relate to projected spend during the period January – December 2010.

3.       Security Breaches Reported to the ICO is a document available from the Information Commissioner’s Office. According to this document, 1007 security breaches had been reported to the ICO.

4.       Leading corporations and institutions around the world are using ObserveIT to secure and monitor their IT server environments including: Toshiba, Xerox, Coca-Cola, GE Money, Siemens, Samsung, Nissan, BP, BNP Paribas, Vodafone & Sky.

5.       e-Solutions is a UK business that is recognised as one of the leading providers of compliance, internal audit and enterprise fraud detection solutions. The company’s clients include many of the high street-s biggest names in the financial services sector.

6.      The company is based in Staffordshire and operates throughout the UK and Europe.

# # #

e-Solutions is one of the UK's leading enterprise fraud management, internal audit and compliance consultancies. We work with a number of leading blue chip businesses, helping them reduce the risks associated with employee fraud and identity theft.