UK retailers are lagging behind the rest of UK business in the battle to secure their IT systems, according to the latest version of the Department of Trade and Industry’s authoritative biennial Information Security Breaches Survey.

Two thirds of the 150 retailers surveyed spend just 1 per cent of their IT budget on security, compared with an average across all sectors of 3 per cent, and a recommended benchmark figure of between 5 and 10 per cent.

Only 8 per cent of retailers that took part have an information security professional on their staff, compared with 11 per cent across all sectors.

Perhaps most shockingly, only 29 per cent of retailers have a data protection policy in place, compared with 44 per cent for UK business as a whole.

Some 51 per cent of retailers have no policy and no plans to introduce one.

This is against a background of ever increasing security threats. Malicious incidents have seen a dramatic rise, with 68 per cent of companies suffering an attack from a virus, or misuse of their computer systems - up from 44 per cent in 2002.

‘It used to be the case that the retail sector didn’t suffer security breaches, so information security has not been a priority,’ says PricewaterhouseCoopers partner Chris Potter, who led the survey.

‘We have seen over recent years that threats such as viruses are indiscriminate, and retailers haven’t yet caught up,’ he said.