UK critical business applications more vulnerable to attack than those of US counterparts

Veracode report says many British firms are sitting targets for cyber criminals

British businesses lag behind their US counterparts when it comes to application security: UK firms spend less on internally developed applications and are far less likely to test them against critical vulnerabilities.

That's according to a study by analysts at IDG, commissioned by application security company Veracode. It found that while enterprises on both sides of the Atlantic are keen to develop their own applications - with businesses developing more and more each year - UK firms have a smaller budget for it than those in the US, leading to security vulnerabilities.

Indeed, the study found that on average, UK companies are spending 21 per cent less on developing applications than US companies of equal size. Perhaps more worrying, however, is that in the UK, two-thirds of internally developed applications remain untested against cyber threats such as SQL injection.

This lack of testing potentially gives cyber criminals an easy way into British businesses, especially given that for UK companies, application development is more likely to be focused on business-critical apps.

Meanwhile, in the US, application development is likely to be more secure, with more security programmes in place to test apps for vulnerabilities, putting American businesses ahead of their British counterparts on both budget and security.

The IDG report claims that if UK firms don't catch up with the tactics of US businesses when it comes to application development, then cyber criminals will continue to enjoy relatively easy access to critical systems.

"Companies are becoming better at securing their networks and endpoints, causing cyber-criminals to focus their efforts on the application-layer. As a result, more than half of all successful breaches are attributed to application-layer vulnerabilities," said Adrian Beck, manager of EMEA security programme management at Veracode.

"Closing the security gap between the numbers of apps being produced and the number that are assessed for security will help UK companies remain competitive in the new application economy," he added.

The IDG study was conducted by questioning executives at large enterprises about their application security programmes and practices.