Research carried out by InfoSecurity 2012 has shown that one in seven companies over the past year have been victims of cyber attacks and this hacking trend is, quite literally, costing the UK billions.
These statistics are the highest ever recorded since the 1990s when monitoring first began. The average cost of the worst kind of security breach suffered by a large corporation today stands at between £110,000 and £250,000 according to the recent survey (Information Security Breaches Survey – ISBS) carried out by InfoSecurity 2012.
447 UK businesses participated in the survey which has shown some rather terrifying results.
In the past year alone, 76% of the small businesses and a whopping 93% of the larger organisations who took part claimed to have suffered a security breach of some kind, with 80% of the breaches within the larger companies carried out by members of staff.
It would appear that the major problem lies with company IT teams who seem unwilling to spend out on protection. The survey found that, in 20% of the companies participating, just 1% or less of the IT budget was actually spent on tougher security measures, and just 39% took the appropriate measures to encrypt important data when downloading the information to their tablets or smartphones.
According to David Willetts, Universities and Science Minister, the government want to try to work alongside UK businesses with the aim of strengthening their security measures and educating them on the importance of tougher security.
Mr. Willetts stated that he was shocked that the message of how important it is for businesses to protect their infrastructure still isn’t getting through to many companies in the UK. Mr. Willetts has also asked for companies to be more upfront about cyber attacks so that other companies can learn where their weaknesses and vulnerabilities lie and are made more aware of possible hacking threats.
Neelie Kroes, Digital Agenda Commissioner and Vice President of the European Commission, agrees that far more needs to be done before we can begin attempting to prevent these cyber threats, let alone wiping them out. There is no easy solution when many of these threats come from international sources but Kroes believes that what is needed is a “New Vision”.
This new vision would see information centres centralised for company partners to share and would include a single forum for support as well as discussion topics on good security practice.
Unfortunately, many attacks or attempted attacks are still going unreported for one reason or another and, in order to expose these cyber pests and protect IP and assets, companies really need to come clean.
If the recently proposed EU Data Protection Framework comes into play, companies would be obliged to admit to any breach in security within 24 hours and could face fines of up to 2% of their annual turnover. However, the severity of this proposal has been met with strong criticism and it has yet to be decided whether the proposal will actually be put in place.
On a more positive note, the European Parliament’s Civil Liberties Committee gave a 50 to one backing for the proposed directive to enforce a two-year minimum prison sentence on anyone caught hacking into company systems, so perhaps we are beginning to make headway in our fight against cybercrime after all.
Let’s take a further look at some of the statistics from the Information Security Breaches Survey (ISBS):
- On average, each large organisation participating in the survey has experienced 54 significant cyber attacks from unauthorised outsiders in the past year. This figure is double that of 2010
- 20% of the small businesses who participated actually lost confidential information due to security breaches and 80% of those breaches were of a serious nature
- The average cost of the worst security breach on a small company is between £15,000 and £30,000
- 54% of the small businesses who took part in the survey admitted to not having any programmes in place to educate their staff about security issues
- 75% of businesses with poorly understood security policies suffered breaches by members of staff which would constitute employment law problems
- 67% of the larger organisations who took part are expecting further security breaches next year. Just 12% who participated are expecting fewer breaches in the following 12 months
- 12% of the larger corporations claim that low priority is given to security by the company’s senior management
http://www.infosec.co.uk/
http://www.pwc.co.uk/en_UK/uk/assets/pdf/olpapp/uk-information-security-breaches-survey-executive-summary.pdf
http://www.pwc.co.uk/en_UK/uk/assets/pdf/olpapp/uk-information-security-breaches-survey-technical-report.pdf