Carelessness with passwords is costing British businesses a fortune in theft and fraud, according to a Department of Trade and Industry (DTI) survey.

Of the 1,800 adults quizzed, more than a third write down security information, including passwords, on paper or store it on computers. Nearly two thirds never change their passwords and one in five uses the same password for non-banking websites as for online banking.

The DTI is spending £4 million on research into human error in network security. "Unfortunately, the weakest link in network security is not with the technology, but with the staff and system users," said the Minister for Science and Innovation Malcolm Wicks. "The UK lost £440m to credit card fraud last year alone, with 62 per cent of companies experiencing a network security incident, so the stakes are high. This is a problem we need to fix."

DTI-funded projects

Several UK universities and businesses are collaborating on DTI-funded projects, including The National Computing Centre and the University of Manchester. They're working on CatalysIS, a software tool that provides a network-security awareness course for employees.

The DTI reckons it's the first time that behavioural science is being used to tackle the human risk element in network security. It's hoped that companies adopting the findings will make significant savings and that the research could create a £125 million business market.

Karl Foster