Employees are weakest link in business security

According to analyst firm Gartner, a majority of security incidents will be financially motivated by 2005, with most being the work of insiders.

But there is some good news. A US survey of computer attacks showed that the losses from security breaches was declining.

The study by the Computer Security Institute and the FBI found that losses by businesses and government departments had fallen by half in a year.

Price to pay

Most modern businesses rely on the sharing of information, making computer systems more vulnerable than ever to unscrupulous employees.

"There is a delicate balance between limiting insider access to information and crippling the ability to create revenue," said Richard Hunter, Vice President for Gartner.

Cyber crimes and other information security breaches are widespread and diverse Chris Keating, Computer Security Institute

Most businesses are opting in favour of revenue over security, making themselves easy targets for insider crime.

Despite being aware of the threat imposed by insiders, many firms are concentrating on other security threats, from politically motivated hackers or virus writers out to make a nuisance of themselves.

"Businesses often find it easier technically and politically to take action against external threats instead," said Victor Wheatman, Managing Vice President for Gartner.

Burying their heads in the sand will no longer be an option and businesses must act to create legal contracts between themselves, partners and employees.

"Businesses must take steps to secure themselves against criminally intent insiders or resign themselves to suffering significant losses from insider crimes," said Mr Wheatman.

'Disturbing trends'

There are some signs that firms are more willing to face up to the risk of computer attacks.

Three-quarters of the 530 government bodies and businesses surveyed by the Computer Security Institute, (CSI), and the FBI owned up to financial losses.

But only about half could put a figure on how much they had lost.

Overall financial losses amounted to $201.8m, down from $455.8m the previous year.

More significantly the theft of proprietary information caused the greatest financial loss, totalling $70.2 million.

"The trends the CSI/FBI survey has highlighted over the years are disturbing," said CSI Director Chris Keating.

"Cyber crimes and other information security breaches are widespread and diverse."