Corporate Security
IT and network security are the greatest security concerns for members of the CBI, according to new research from MORI. The research, jointly commissioned by CBI and QinetiQ, shows a large majority (97%) of members have either great or some concern about the overall security of their business. Almost three in five (58%) say IT and network security is a great concern, while two in five name 'Provision of standby facilities for business continuity purposes' (41%), 'Risk to brand value of security incidents' (40%) and 'Risk to employees of security incidents' (38%).
IT and network security are the greatest security concerns for members of the CBI, according to new research from MORI. The research, jointly commissioned by CBI and QinetiQ, shows a large majority (97%) of members have either great or some concern about the overall security of their business. Almost three in five (58%) say IT and network security is a great concern, while two in five name 'Provision of standby facilities for business continuity purposes' (41%), 'Risk to brand value of security incidents' (40%) and 'Risk to employees of security incidents' (38%).
Technical details
Final topline results based on a total of 100 telephone interviews with CBI members conducted by MORI. Fieldwork was conducted by MTS (MORI Telephone Surveys) from 4th August - 29th September 2004
Topline Results
- Final topline results based on a total of 100 telephone interviews with CBI members conducted by MORI.
- Fieldwork was conducted by MTS (MORI Telephone Surveys) from 4th August -- 29th September 2004
- Unless otherwise stated, figures quoted are percentages based on the total number of interviews achieved (100)
- Where percentages do not add up to 100% this is due to either computer rounding or questions allowing multiple answers. An asterisk denotes a figure below 1%
Q1 Can I start by asking you how much of a concern the security of your business is -- in an overall sense -- to you at present -- of great concern, some concern or no concern? Can I now ask you to respond, using that same scale, for some specific aspects of corporate security?
| 160 | Great concern | Some concern | No concern | No opinion |
|---|---|---|---|---|
| 160 | % | % | % | % |
| Overall | 49 | 48 | 2 | 1 |
| IT and network security | 57 | 38 | 5 | 0 |
| Provision of standby facilities for business continuity purposes | 41 | 46 | 13 | 0 |
| Insecure communications, for example integrity of mobile and wireless data | 16 | 63 | 20 | 1 |
| Risk to business performance of security incidents | 35 | 58 | 7 | 0 |
| Risk to brand value of security incidents | 40 | 44 | 15 | 1 |
| Risk to employees of security incidents | 38 | 53 | 9 | 0 |
| Risk to facilities of security incidents | 23 | 68 | 8 | 1 |
| Screening of packages or containers | 14 | 53 | 32 | 1 |
| Background checking of existing personnel | 13 | 50 | 36 | 1 |
| Background checking of personnel applying to join the organisation | 25 | 58 | 15 | 2 |
| Background checking of visitors to the organisation | 5 | 54 | 41 | 0 |
| Compliance with international security legislation | 20 | 45 | 30 | 5 |
Q2a When did you last have a strategic overhaul of your security arrangements?
Q2b And when did you last discuss security at Board level?
| 160 | Q2.a | Q2.b |
|---|---|---|
| 160 | Strategic Overhaul | Discuss security at Board level |
| 160 | % | % |
| 2004 | 62 | 82 |
| 2003 | 16 | 8 |
| 2002 | 7 | 2 |
| 2001 | 1 | 2 |
| Earlier | 6 | 0 |
| Don't know | 8 | 6 |
Q3 Which of the activities I am going to read out did your organisation review or undertake as part of that strategic overhaul? Base: All those who have had a strategic overhaul (92)
| 160 | Yes |
|---|---|
| 160 | % |
| Risk to business performance of security incidents | 93 |
| Risk to facilities of security incidents | 92 |
| Provision of standby facilities for business continuity purposes | 90 |
| Risk to employees of security incidents | 86 |
| IT and network security | 85 |
| Risk to brand value of security incidents | 79 |
| Background checking of personnel applying to join the organisation | 68 |
| Compliance with international security legislation | 57 |
| Insecure communications, for example integrity of mobile and wireless data | 51 |
| Background checking of existing personnel | 45 |
| Screening of packages or containers | 39 |
| Background checking of visitors to the organisation | 29 |
Q4a How strongly were the changes or reviews you made influenced by the following?
| 160 | Very strongly | Fairly strongly | Not very strongly | Not at all | No opinion / Don't know |
|---|---|---|---|---|---|
| 160 | % | % | % | % | % |
| 9/11 | 35 | 28 | 19 | 10 | 0 |
| The changing nature of security threats in the last 2 years | 46 | 31 | 8 | 7 | 0 |
| A specific threat to your sector | 28 | 18 | 23 | 23 | 0 |
| Advice from the police | 11 | 32 | 22 | 26 | 1 |
| Recognition of increased general security risk | 41 | 43 | 4 | 4 | 0 |
| Media coverage of security issues | 13 | 36 | 24 | 18 | 1 |
Q4b What other events, if any, influenced the changes or reviews you made?
| 160 | % |
|---|---|
| Acts of terrorism/9/11/Madrid bombing | 14 |
| American Sarbanes-Oxley laws/Legislation/Regulatory issues | 12 |
| IT security/Viruses | 6 |
| Animal rights/Activists | 5 |
| Government warnings/Heightened awareness | 5 |
| General risk management | 5 |
| The current climate/Current security situation worldwide | 5 |
| Attention from pressure groups | 4 |
| Wars/Conflicts in other countries | 4 |
| Safety of staff | 3 |
| Change in international politics/Political issues | 3 |
| Global incidents | 2 |
| Company move/Relocation | 2 |
| Theft of products in transit/Theft | 2 |
| Client expectations/Customer-driven | 2 |
| Business integration/Company merger | 2 |
| Subject of media attention | 2 |
| Other | 17 |
| None/Nothing | 15 |
Q5a Do you have any residual concerns about your organisation's state of preparedness?
| 160 | % |
|---|---|
| Yes | 60 |
| No | 40 |
Q5b What particular concerns are these? (Open-ended question) Base: All those with concerns about their organisation's state of preparedness (60)
| 160 | % |
|---|---|
| Business continuity/Never having fully tested our business continuity plan | 23 |
| Maintaining vigilance/Ability to detect & respond to these threats | 23 |
| Concerns that we are not ready enough/Better disaster recovery plans required | 20 |
| IT vulnerability/IT recovery/IT back-up | 15 |
| Threat to the transport infrastructure/Traveller security | 7 |
| Safety of employees/Threat to our people overseas | 7 |
| Background checking of existing employees | 3 |
| Energy crisis/Threat to the utilities | 3 |
| Fear of the unknown | 3 |
| Our workplace location/Security of the premises | 3 |
| Other | 18 |
| Don't know | 3 |
Q5c Do any of these concerns relate to a particular part of the world? If so, which areas? Base: All those with concerns about their organisation's state of preparedness (60)
| 160 | % |
|---|---|
| UK | 37 |
| London | 12 |
| USA | 12 |
| Global | 10 |
| Europe | 8 |
| Middle East | 8 |
| Asia | 7 |
| Other | 13 |
| None/Nothing | 13 |
| Don't know | 10 |
Q6 Which aspects -- from those I read out -- does your business continuity plan cover?
| 160 | Yes | No | No opinion / Don't know |
|---|---|---|---|
| 160 | % | % | % |
| Buildings | 93 | 5 | 2 |
| People | 97 | 1 | 2 |
| Equipment | 95 | 1 | 4 |
| IT | 98 | 0 | 2 |
| Products | 73 | 23 | 4 |
| Intellectual property | 60 | 32 | 8 |
Q7 I am going to read out a list of potential benefits of implementing plans to maintain the security of your organisation. For each one, please tell me if it is of great benefit, of some benefit or of no benefit.
| 160 | Great benefit | Some benefit | No benefit | No opinion / Don't know |
|---|---|---|---|---|
| 160 | % | % | % | % |
| Protection of brand and reputation | 74 | 18 | 7 | 1 |
| Being able to reassure staff | 69 | 26 | 5 | 0 |
| Ability to recruit and retain staff | 26 | 52 | 22 | 0 |
| Protection of intellectual property | 44 | 41 | 14 | 1 |
| Maintaining customer confidence | 79 | 14 | 6 | 1 |
| Maintaining shareholder confidence | 70 | 23 | 5 | 2 |
| Continuity of production or operations | 80 | 15 | 4 | 1 |
Q8 How much more -- or less -- do you spend on security today than you did 5 years ago?
| 160 | % |
|---|---|
| A great deal more | 41 |
| A little more | 41 |
| About the same | 14 |
| A little less | 1 |
| A great deal less | 0 |
| Don't know | 3 |
Q9 Can you give me approximate amounts spent by your organisation on security for these 3 years. You do not need to be precise, an estimate to the nearest 163100,000 is fine.
| 160 | 2000 | 2002 | 2004 |
|---|---|---|---|
| 160 | % | % | % |
| Less than 16350,000 | 2 | 1 | 0 |
| 16350,000-16399,999 | 2 | 2 | 3 |
| 163100,000-163199,999 | 1 | 2 | 1 |
| 163200,000-163299,999 | 3 | 3 | 3 |
| 163300,000-163499,999 | 3 | 2 | 3 |
| 163500,000-163999,999 | 6 | 7 | 5 |
| 1631 million and over | 33 | 37 | 41 |
| Don't know | 50 | 46 | 44 |
| Mean amount | 163961 thousand | 163991 thousand | 1631,024 thousand |
Q10 How much more -- or less -- do you expect to spend on security in five years' time, compared to now?
| 160 | % |
|---|---|
| A great deal more | 19 |
| A little more | 38 |
| About the same | 35 |
| A little less | 2 |
| A great deal less | 0 |
| Don't know | 6 |
Q11 How much easier, if at all, would changes in any of the following areas make to your security planning?
Greater openness in government about the extent and nature of any external threats, in particular terrorism?
| Much easier | Little easier | No difference |
|---|---|---|
| % | % | % |
| 21 | 40 | 39 |
Increased priority given by local government to creating a secure local environment in which the business community can operate?
| Much easier | Little easier | No difference |
|---|---|---|
| % | % | % |
| 27 | 40 | 33 |
Increased, dedicated police resource?
| Much easier | Little easier | No difference |
|---|---|---|
| % | % | % |
| 32 | 41 | 27 |
Would you be prepared to pay for this increased police resource?
| Yes | No |
|---|---|
| % | % |
| 48 | 52 |
Minimum level security standards laid down and regulated by the government?
| Much easier | Little easier | No difference |
|---|---|---|
| % | % | % |
| 17 | 31 | 52 |
Freely available information on the latest technologies and guidance on use?
| Much easier | Little easier | No difference |
|---|---|---|
| % | % | % |
| 22 | 48 | 30 |
Increase company spend on security?
| Much easier | Little easier | No difference |
|---|---|---|
| % | % | % |
| 19 | 51 | 30 |
Still on the theme of seeking advice, how likely would you be to turn to each of these sources for advice on security matters?
| 160 | Very likely | Fairly likely | Not very likely | Not at all likely | No opinion / Don't know |
|---|---|---|---|---|---|
| 160 | % | % | % | % | % |
| The Home Office | 26 | 29 | 34 | 11 | 0 |
| Your local authority | 9 | 19 | 45 | 27 | 0 |
| IT security consultants | 23 | 51 | 14 | 10 | 2 |
| General management or business consultants | 6 | 27 | 38 | 29 | 0 |
| Providers of security staff | 22 | 44 | 17 | 17 | 0 |
| The Police | 43 | 38 | 16 | 3 | 0 |
| Providers of security technology such as scanning equipment | 25 | 49 | 18 | 7 | 1 |
| The MI5 website (recently expanded to include security advice for businesses) | 30 | 30 | 18 | 18 | 4 |
| Business advice hotlines | 7 | 20 | 36 | 36 | 1 |
| Own security experts | 78 | 12 | 1 | 6 | 3 |
Q13 How much more -- or less -- do you spend on premiums for insurance of buildings and IT systems or life insurance than you did 5 years ago?
| 160 | 160 |
|---|---|
| 160 | % |
| A great deal more | 33 |
| A little more | 26 |
| About the same | 20 |
| A little less | 4 |
| A great deal less | 0 |
| Don't know | 17 |
Q14 Can you give me approximate amounts spent by your organisation on insurance premiums for these three years... You do not need to be precise, an estimate to the nearest 163100,000 is fine.
| 160 | 2000 | 2002 | 2004 |
|---|---|---|---|
| 160 | % | % | % |
| Less than 16350,000 | 94 | 94 | 94 |
| 16350,000-16399,999 | 1 | 0 | 0 |
| 163100,000-163199,999 | 2 | 2 | 2 |
| 163200,000-163299,999 | 2 | 1 | 1 |
| 163300,000-163499,999 | 0 | 2 | 2 |
| 163500,000-163999,999 | 4 | 4 | 2 |
| 1631 million and over | 26 | 30 | 33 |
| Don't know | 58 | 54 | 53 |
| Mean amount | 163300 thousand | 163332 thousand | 163346 thousand |
Q15 How much more -- or less -- do you expect to spend on insurance premiums in five years' time, compared to now?
| 160 | 160 |
|---|---|
| 160 | % |
| A great deal more | 19 |
| A little more | 36 |
| About the same | 29 |
| A little less | 2 |
| A great deal less | 1 |
| Don't know | 13 |
Q16 How strongly do you agree or disagree that the business community is doing enough to ensure its own safety?
| Strongly agree | Tend to agree | Neither agree nor disagree | Tend to disagree | Strongly disagree | No opinion |
|---|---|---|---|---|---|
| % | % | % | % | % | % |
| 13 | 40 | 17 | 23 | 7 | 0 |
Q17 What do you think would make the single biggest positive difference to Britain's ability to do business in the current security climate?
| 160 | % |
|---|---|
| Greater openness between government & business/Implementation from government | 21 |
| More transparency/Awareness of information & guidance | 10 |
| Balanced appraisal of the risks without scaremongering | 10 |
| Need to get out of Iraq/Resolve the Iraq conflict | 6 |
| Have a homeland security organisation that coordinates all business security into one | 6 |
| Confidence/Greater involvement from the policy/Police resourcing | 4 |
| National ID card | 3 |
| Better coordination/Coordination within the business community | 3 |
| Effective means of dealing with animal rights activists | 3 |
| Remove the threat of terrorism | 3 |
| A major incident | 2 |
| IT security | 2 |
| Carry on as normal | 2 |
| Tighter control over immigration | 2 |
| Safety/security of staff | 2 |
| Government to support the cost of business security | 2 |
| Other | 12 |
| None/Nothing | 1 |
| Don't know | 18 |
Q18 What type of incident are you most worried about (it can relate to the UK or elsewhere in the World)
| 160 | % |
|---|---|
| Direct terrorist action/Terrorist incident | 32 |
| Environmental terrorists -- fire/Bombs/Biological/Chemical weapons | 20 |
| Business discontinuity/Interruption due to a terrorist act | 17 |
| IT espionage/Computer hackers | 12 |
| Security of personnel in hostile areas | 11 |
| Disruption of supplies/Raw materials | 4 |
| Interruption of transport communications | 4 |
| Animal rights protestors/Direct action from activists | 4 |
| Product contamination | 4 |
| Fire/flood | 3 |
| Threats to power supplies from terrorists/Energy crisis | 2 |
| Company fraud | 2 |
| Other | 10 |
| None/Nothing | 1 |
| Don't know | 1 |
Classification
Q19a Do you have a "Chief Security Officer" in your organisation?
| 160 | % |
|---|---|
| Yes | 68 |
| No | 32 |
Q19b Is your Chief Security Officer at board level? Base: All those with a Chief Security Officer (68)
| 160 | % |
|---|---|
| Yes | 21 |
| No | 79 |
Q20a Apart from the UK, how many countries do you operate in?
| 160 | % |
|---|---|
| Less than 5 | 10 |
| 5-10 | 9 |
| 11-20 | 12 |
| 21-30 | 12 |
| 31-40 | 3 |
| 41-50 | 8 |
| 51-60 | 2 |
| 61-70 | 2 |
| 71-80 | 4 |
| 80+ | 17 |
| Don't know | 2 |
Q20b What were your global revenues in the most recent financial year?
| 160 | % |
|---|---|
| Under 1631m | 0 |
| 1631 and under 16310m | 2 |
| 10 and under 163100m | 4 |
| 100m and under 163500m | 17 |
| 500m and under 1631billion | 4 |
| 1631b and under 1635b | 31 |
| 1635bn and over | 29 |
| Don't know | 13 |
| Refused | 0 |
Q20c What is your primary industry sector classification?
| 160 | % |
|---|---|
| Utilities | 9 |
| Mining, minerals, natural resources | 3 |
| Technology/media/telecoms | 11 |
| Dot-com/Internet | 0 |
| Construction | 1 |
| Manufacture of industrial goods | 4 |
| Manufacture of consumer goods | 10 |
| Other manufacturing | 2 |
| Manufacturing unspecified | 2 |
| Transport and distribution | 11 |
| Services/retailing | 13 |
| Financial services/Banking | 12 |
| Other services | 8 |
| Leisure/entertainment | 1 |
| Engineering | 4 |
| Other | 9 |
Q20d How many employees do you have in the UK?
Q20e And how many do you have in your global operations?
| 160 | Q20d | Q20e |
|---|---|---|
| 160 | % | % |
| 1-99 | 2 | 2 |
| 100-499 | 2 | 1 |
| 500-999 | 5 | 1 |
| 1,000-1,999 | 11 | 5 |
| 2,000-4,999 | 22 | 16 |
| 5,000-14,999 | 34 | 20 |
| 15,000-24,999 | 7 | 13 |
| 25,000-49,999 | 6 | 11 |
| 50,000+ | 9 | 30 |
| Don't know | 2 | 1 |
Q20e What percentage of revenue/profit will come from the UK?
| 160 | % |
|---|---|
| 0-10% | 12 |
| 11-20% | 10 |
| 21-30% | 11 |
| 31-40% | 4 |
| 41-50% | 4 |
| 51-60% | 3 |
| 61-70% | 5 |
| 71-80% | 4 |
| 81-90% | 3 |
| 91-100% | 28 |
| Don't know | 16 |
Q20f Where is your UK head office located?
| 160 | % |
|---|---|
| London | 62 |
| South East (excluding London) | 13 |
| Scotland | 5 |
| South West | 5 |
| North West | 3 |
| East Midlands | 3 |
| North East | 2 |
| Yorkshire and Humberside | 2 |
| West Midlands | 2 |
| No HO in UK | 2 |
| Northern Ireland | 1 |
| Wales | 0 |
| East Anglia | 0 |
Q20g Finally, can I just check your job title please?
| 160 | % |
|---|---|
| Manager/Head of Security | 24 |
| Other director | 19 |
| Company secretary | 9 |
| Director of Security | 7 |
| Corporate Risk Manager | 7 |
| CEO | 5 |
| CFO/FD | 4 |
| Manager/Head of Facilities | 3 |
| Health & Safety Manager | 3 |
| Facilities Director | 3 |
| Chairman | 2 |
| Manager/Head of Business Continuity | 2 |
| Corporate Risk Director | 2 |
| Other | 10 |
More insights about Financial Services
