This report from the Audit Commission is based on surveys of public and private sectors and it provides a snapshot of the level of ICT abuse, the reasons why it occurs and the risks that organisations need to address. Over the past 24 years, the trend in incidents suggests that ICT abuse continues to be a threat. While new types of incident have arisen, frauds, viruses and accessing inappropriate material on the internet now present the greatest risks to organisations.Organisations have improved their ICT governance arrangements with 96 per cent developing ICT security policies, 82 per cent employing email filtering; and 85 per cent employing staff with specific ICT security responsibilities. But there is less evidence of commitment to providing users with robust guidance and unambiguous statements about their responsibilities. Only half of the organisations surveyed have initiated ICT security awareness training and only one-fifth of staff have been provided with a copy of their organisation’s ICT security policy. Many organisations have responded to the range of risks they face by deploying more preventative measures, but there is still an alarming minority that fails to protect its information assets, whether through complacency or ignorance of risks.
The report is available at: