14% of UK firms experienced e-commerce security breaches in 2000
A survey by KPMG forensic accounting shows that the UK ranks second highest in the world for security breaches of e-commerce systems. No less than 14% of UK firms experienced e-commerce security breaches in 2000.

To make matters worse, this figure, which is concerning enough, is possibly understated due to the high volume of breaches which go unreported. It seems that many companies are reluctant to report security breaches for fear of damaging their commercial reputation – preferring instead to deal with the discovery of fraud as an internal matter, well away from public scrutiny.

More than 65% of companies surveyed admitted that they do not have security audits performed on their e-commerce systems, and only half of all respondents have incident response procedures in place for when they discover a breach.

Many countries reported having incident response procedures that included computer forensics. However, the UK had one of the lowest rates at only 13% compared to the highest (Italy, at 37%).

Martin Baldock, forensic technology director at KPMG, told SMT: "The initial reaction by many companies experiencing a security breach is to immediately fix the problem, and get systems back in action. In doing so companies may be destroying valuable evidence, making it almost impossible to recover assets or pursue legal action and, as our research shows, 83% of respondents admitted they did not pursue legal action after a breach was discovered. It's rather like cleaning a crime scene before you've actually dusted for fingerprints."

In addition, KPMG reports that the websites of only 2% of UK companies surveyed had undergone and passed a security audit, indicating this to be an area of low priority for many companies. According to KPMG, website security audits should be a "primary security precaution" for any companies engaging in e-commerce activity via the Internet.

Survey respondents cited hackers as being one of the greatest threats to their e-commerce systems, along with poor implementation of security policies and a general lack of employee awareness.