The newly released Information Security Breaches Survey 2014, commissioned by the UK’s Department for Business, Innovation and Skills (BIS) and conducted by PwC, finds that although the number of information security breaches impacting UK businesses decreased over the last year, both the scale of the breaches reported and the impact have almost doubled.
“Although organisations are experiencing fewer breaches overall, the severity and impact of attacks has increased, with the average cost of an organisation’s worst breach rising significantly for the third consecutive year,” the report states.
Key findings include:
- 81% of large organisations suffered a security breach – down from 86% in 2013
- For large organisations the worst breaches cost between £600,000 and £1.15 million on average
- 60% of small businesses reported a breach, down from 64% last year
- For small organisations the worst breaches cost between £65,000 and £115,000 on average
“Whilst the number of breaches affecting UK business has fallen slightly over the past year the number remains high and in many companies more needs to be done to drive true management of security risks. Breaches are becoming more sophisticated and their impact more damaging,” said Andrew Miller, PwC’s cyber security director.
“Given the dynamic nature of the risk, boards need to be reviewing threats and vulnerabilities on a regular basis. As the average cost of an organisation’s worst breach has increased this year, businesses must make sure that the way they are spending their money in the control of cyber threats is effective,” Miller continued. “Organisations also need to develop the skills and capability to understand how the risk could impact their organisation and what strategic response is required.”
Other findings in the report include:
- 70% of companies that have a poor understanding of security policy experienced staff-related breaches
- by contrast, only 41% of companies where security is well understood experienced staff-related breaches
- the number of businesses which are confident they have the means within their organisations to detect, prevent and manage information security breaches is 59%, up from 53% last year
“These results show that British companies are still under cyber attack. Increasingly those that can manage cyber security risks have a clear competitive advantage,” said UK Universities and Science Minister David Willetts.
“Through the National Cyber Security Programme, the government is working with partners in business, academia and the education and skills sectors to equip the UK with the professional and technical skills we need for long-term economic growth.”
The full results from the study will be released during the Infosecurity Europe conference.