Your browser is no longer supported

For the best possible experience using our website we recommend you upgrade to a newer version or another browser.

Your browser appears to have cookies disabled. For the best experience of this website, please enable cookies in your browser

We'll assume we have your consent to use cookies, for example so you won't need to log in each time you visit our site.
Learn more


  • Comment
ICT fraud and abuse are still posing major problems to public sector organisations and those who use their services...
ICT fraud and abuse are still posing major problems to public sector organisations and those who use their services, an in-depth survey shows.

New technologies, like the use of handheld devices (PDAs) and wireless networking, are creating fresh risks that public services are only slowly reacting to. And, despite better ICT security systems, a 'culture of complacency' and a failure to ensure that staff understand the rules is undermining the effectiveness of ICT security arrangements.

The survey, carried out in 2004 by the Audit Commission, is based on the responses of more than 400 public sector organisations, including NHS trusts, local authorities, police and fire authorities. 200 cases of ICT fraud and abuse were identified in the survey. The results are published in the report An Update on ICT Fraud and Abuse 2004.*

Since the last survey in 2001, the new report points to some improvement in ICT security, with security policies in place at 96% of organisations. It also recorded a fall in the incidence of 'business disruption' (viruses or other deliberate acts aimed at denying users access to systems), making up only 20% of cases in the 2004 survey compared with 39% in 2001.

But the report does reveal:

--a 13% growth in reputational risks, including staff accessing pornography or other inappropriate material (52% of cases in 2004 compared to 39% in 2001);

--financial risks continuing to mount (28% of cases in 2004 compared to 22% in 2001); and

--evolving technology (like wireless networking) presenting a challenge that organisations do not fully appreciate (64% of respondents put wireless networking in the low/medium risk category).

The report focuses on the key role staff play in ICT security. Yet only 50% of organisations initiate staff training in ICT security systems, and only a third of organisations inform their staff about their ICT security policy and what staff should be doing.

Alongside the report the commission has produced a self-assessment questionnaire for chief executives and other senior managers to use when considering their own organisation's susceptibility to ICT fraud and abuse.

Steve Bundred, chief executive of the Audit Commission said: 'The growth in new technology - through PDAs and wireless networking, for example - coupled with the greater sophistication of hackers and fraudsters, mean that the risks remain significant.

'ICT security is only as effective as the staff within the organisation, and too often we are finding that staff are unsure of their role. If we fail to get this right we risk eroding the confidence of citizens in the electronic systems that underpin public services.

'We recommend that chief executives and other senior staff review their organisations against the set of questions we've developed.'

To help local government and health bodies tackle ICT fraud and abuse, the commission has developed the Your Business at Risk database, against which organisations can compare their ICT security measures against a range of other organisations. To use YBAR, local government and health bodies should contact their appointed auditor.

Both the report and self-assessment are available on the Audit Commission's website at


The ICT fraud and abuse survey was carried out during October - November 2004. 407 bodies completed the survey, including local government, police and fire authorities, NHS bodies, central government departments, non-departmental public bodies and agencies.

The 2004 survey is the seventh conducted by the Audit Commission.

* The report is available here.

The Audit Commission is an independent watchdog responsible for ensuring that public money is spent economically, efficiently and effectively. Our remit covers more than 12,000 bodies which between them spend nearly£100 billion of public money each year.

We are active in local government, health, housing, criminal justice and fire and rescue services and consequently have unrivalled insights into the overall impact of public services on users.

In addition to making sure that taxpayers receive value for money, our aim is to provide impartial information on the quality of public services. We also act as a force for improvement by providing practical recommendations and spreading best practice.

We are committed to working in partnership with other regulators and to ensuring that our own activities also represent value for the taxpayer.

Further details about the Commission can be obtained from its web site

For further information please contact:

Martin Bollers, Head of Communications Strategy & Implementation

Tel: 020 7166 2145

Fax: 0845 052 2617

Mob: 07899 062 015

Email :

  • Comment

Have your say

You must sign in to make a comment

Please remember that the submission of any material is governed by our Terms and Conditions and by submitting material you confirm your agreement to these Terms and Conditions.

Links may be included in your comments but HTML is not permitted.