United Kingdom retailers are not taking enough formal precautions against information security vulnerabilities, despite knowledge that these weaknesses exist according to a new report [1] from Deloitte, reports [2] IT Week.

The Taking Stock: Consumer Business Security Survey surveyed IT leaders and chief security officers from consumer goods and retail firms and found 73 per cent rated "unauthorised access to personal information" as the top privacy and reputational concern.

But despite this, only 20 percent of respondents said they have a formally defined information security [3] strategy, compared to the 54 per cent reported in Deloitte's 2007 Technology Media & Telecommunications Security Survey and 63 per cent reported in Deloitte's 2007 Global Financial Services Security Survey.

“Most companies surveyed have taken the basic steps by identifying a security manager and putting in place the basic security protective measures," said Mike Maddison, U.K. head of security and privacy at Deloitte, "but they have not reached the level of maturity we see in other industries."

According to the survey, 93 percent of all security managers now report directly to a company's chief executive—an important move in the right direction.

Nevertheless, Deloitte says it's critical retailers prioritize enhanced security for two reasons. First, consumer awareness of issues pertaining to personal information loss and identity theft have never been higher. One security breach could hurt, if not destroy, a retail company's reputation. Second, the motive of computer crimes has shifted from showcasing skills to profit-making. This shift, Morris adds, "has increased both the sophistication of and the damage done by attacks."