The results of the National Gateway Security Survey released this morning show that securing networks against external attacks is still the top priority for most companies, despite evidence clearly highlighting the continuing risk of internal attacks.

This is an issue that retailers should not find hard to comprehend. After all, their physical security efforts target not only shoplifters and other types of external crime, but also shrinkage that originates within the organisation.

And in just the same way that stock shrinkage can sometimes be the unintentional consequence of process deficiencies, an internal security breach can be the result of inadequate security policies.

The survey, carried out for specialist IT security distributor Wick Hill, found that among the UK’s largest companies, the top priority for this year was securing the network from external attack, which 79 per cent rated as very important.

Yet thinking about some of the latest threats to inflict retailers in the UK and the problems have tended to begin internally.

The data loss at Marks & Spencer last year, which has resulted in the retailer being required to encrypt data on all of its laptops was not a deliberate IT security breach, but more an issue of policy.

And the news last week that fraudsters have been able to steal payment card data after tampering with Chip and PIN devices also highlights that collusion between store staff and criminals could extend beyond simple stock shrinkage problems.

Retailers have already got to grips with the need for internal as well as external physical security. Now they must accept that IT security threats could come from within as well.