Research on Coping with E-mail and Internet Risks

November 1, 1998

The study was jointly commissioned by network security specialist Integralis,City law firm Theodore Goddard, and corporate insurer Nelson Hurst, andconducted by QA Research. Its publication marks the launch of a new range ofservices by Integralis, Theodore Goddard and Nelson Hurst, which will helpcompanies address the liability and security issues created by the rise inbusiness use of e-mail and the Internet.

As the study shows, an increasing number of companies are using e-mail andthe Internet and are thus aware of the potential threats it can bring tocorporate liability. But in many cases there is little done to combat thesethreats through network security, necessary insurance and legal measures. `Thisresearch has uncovered a massive knowledge gap that needs to be bridged bycorporate Britain, between the current use of e-mail and the Internet byorganisations and what is actually required to ensure they are doing businessvia electronic methods in a secure manner,’ said Steve Webb, European marketing& business development director, Integralis Network Systems. `E-business isgrowing at such a rapid rate that policy and correct practice has been leftstanding. Now is the time to catch up before it is too late.’

The research showed that managers are concerned about corporate threats toe-business, but current policies and policy-making procedures are not sufficientto ensure protection against such threats. While 89% of organisations feel thatnetwork security is important to business, over one-third (34%) have no companypolicy in relation to use of the Internet or external e-mail. Perhaps the rootof the problem is that nearly two-thirds (59%) of all organisations do not givedocumented Internet or e-mail usage guidelines to new employees in eitheremployment conditions or staff joining packs, meaning that many new employeescould be unknowingly putting their employer at risk.

From a legal perspective, a worrying number of companies realise they areunder threat from use of e-mail and the Internet, but have not produced anadequate solution. Well over half (57%) of companies are concerned aboutcorporate e-business liability, with 70% believing they are exposed to liabilityfor breach of confidence. Nearly half (49%) also think they could be infringingthe Computer Misuse Act 1990.

`This research demonstrates that British companies are not generally aware ofthe extent to which employee access to e-mail and the Internet can expose themto legal liability,’ says David Engel of Theodore Goddard. `Even where there issome awareness of the problem, companies do not appear to be doing a great dealto manage that risk. Only last year, for example, we acted for private medicalhealth insurer Western Provident Association which successfully sued NorwichUnion for libel as a result of e-mail messages circulated on Norwich Union’sinternal e-mail system. Norwich Union paid our client £450,000 in damages andcosts; that case is a salutary lesson for any employer whose staff have accessto an internal e-mail system and, even more so, to the Internet.’

The study showed that those responsible for purchasing and setting corporateinsurance policies (typically finance directors) were unaware of the need toinsure against corporate risks associated with e-business. It found that nearly80% of finance directors either had no such insurance or, in the worst cases,were not even aware that it existed. The lack of awareness of e-businessliability amongst those responsible for corporate insurance is very concerning,says Trevor Moss, Director of corporate insurer Nelson Hurst. `Insuranceprovides the front-line of defence against these liabilities, without whichcompanies are seriously exposed.’

More information can be found at,or by telephoning: 0118 930 6060.