Audit committees are increasingly concerned that their boards are not spending enough time and money tackling IT security issues, despite the risks that they pose to business continuity, according to research from KPMG.

Polling more than 1,300 audit committee members in 25 countries, the firm found that nearly one third is unsatisfied with the amount of time that the committee spends looking at IT risk issues, while 60 per cent were only "somewhat satisfied".

While 45 per cent had responsibility to oversee issues relating to information security and privacy, a fifth complained that they had no say in this area at all.

Tim Copnell, director of KPMG's Audit Committee Institute in the UK, said: "The survey showed that nine out of ten audit committee members felt they had improvements to make in the oversight of IT risk issues. This is a worrying trend given that organisations are now so dependent on IT.

"If audit committees (or equivalent bodies) are not able to give sufficient attention to the oversight of IT risk, companies might be unwittingly exposed to risk."

The report was released at the same time as a new study from Deloitte, which revealed that two thirds of financial services companies have suffered an external breach, with one third admitting that breaches were down to the misconduct, unintentional errors or omissions of employees.

Research for Connect in 2007 found that 88 per cent of UK businesses were interested in Disaster Recovery systems primarily to protect their critical applications and data