Experts are warning that UK companies could be liable to face legal action as a result of problems with IT security.

Many businesses believe it is a question of 'not if but when' they will be forced into the courts because of lost or damaged data arising from hacking, fraud, viruses or human error.

In a report based on interviews with data security managers from some of the UK's top organisations, Jeremy Beale, head of the CBI's ebusiness group, warns that significant financial losses could occur for firms with inadequate data protection who are sued by business partners or clients.

'We believe that there are companies out there who could find themselves legally liable because of what they haven't done in terms of data security,' he said .

Paul Moxey, head of risk management and corporate governance at the Association of Chartered Certified Accountants says auditors are 'vitally worried' about legal action over poor data. He says this has a huge influence on their working lives.

'It's a concern that has been developing for years,' he said.

The 'Risky Business: UK Industry and Data Integrity? report, produced for security supplier CyberTrust, claims the ?near-certainty? of legal action will come as a result of poor security practices and the introduction of new US and European legislation.

John Oxton, Barclays Group data architect, says in the study that regulations such as Basel II and the US Sarbanes-Oxley Act have had a 'major effect' on the way the bank approaches data integrity and protection.

The report also found demand among some organisations for the development of a third-party certification system for computer security - similar to the credit ratings used to assess top companies.

'A de facto and industry supported third party that would be market driven would be very attractive option,' said John Meakin, head of security for Standard Chartered Bank in the report. 'I think in a global market anything that speeds up decision making would be interesting.'