
Information security (IS) breaches reach highest ever levels according to Department for Business/PWC 2013 IS Breaches Survey

The number of information security breaches affecting UK business, both large and small, continues to increase. The rise is most notable for small businesses; they’re now experiencing incident levels previously only seen in larger organisations. The survey found that:

• 93% of large organisations had a security breach in the last year.
• 87% of small businesses had a security breach in the last year (up from 76% a year ago).

Affected companies experienced roughly 50% more breaches on average than a year ago.
• 113 is the median number of breaches suffered by a large organisation in the last year (up from 71 a year ago).
• 17 is the median number of breaches suffered by a small business in the last year (up from 11 a year ago).

The cost of individual breaches continues to vary widely. The average cost of respondents’ worst breach of the year has never been higher, with several individual breaches costing more than £1m. In total, the cost to UK plc of information security breaches is of the order of billions of pounds per annum – it’s roughly tripled over the last year.

Both external attacks and the insider threat are significant; attacks by outsiders (such as criminals, hacktivists and competitors) cause by far the most security breaches in large businesses – the average large business faces a significant attack every few days. Even small businesses, which used not to be a target, are now also reporting increasing attacks.

Staff also play a key role in many breaches. Serious security breaches are often due to multiple failures in technology, processes and people. In addition, staff-related incidents have risen sharply in small businesses.

In response to this, the vast majority of businesses continue to prioritise information security, with related budgets increasing, or at least not being cut. However, many businesses can’t translate this expenditure into effective security defences. In large organisations, ineffective leadership and communication about security risks often leave staff unable to take the right actions.

There are weaknesses in training, communication and understanding of internal security policies and procedures, a lack of clarity around data protection responsibilities, insufficient risk assessment and skills shortages in respect of information governance/security.

Business use of technology is changing fast with the increasing use of cloud-based services, social networking sites, bring your own device (BYOD) and portable media, so it’s important to have a flexible approach to information security.

Overall, the survey results show that companies are struggling to keep up with security threats, and so find it hard to take the right actions. How would your organisation rate?
