Security breaches cost UK businesses billions
29 Apr 2010 - Key findings of the 2010 Information Security Breaches Survey
After declining in number for the last few years, a new wave of security breaches is hitting UK organisations, costing them billions of pounds, according to a survey released by PricewaterhouseCoopers LLP (PwC) at Infosecurity Europe.
Among the key findings of the 2010 Information Security Breaches Survey (ISBS), commissioned by Infosecurity Europe and written by PricewaterhouseCoopers LLP, is that organisations appear to have a greater understanding of security risks and the need for assurance over them. However, as technology continues to evolve rapidly, most are ill-prepared to deal with them.
- 92% of large respondents/83% of small respondents had a security incident in the last year.
- £280k - £690k is the average cost of a large respondent’s worst incident of the year.
Andrew Beard, director, OneSecurity, PricewaterhouseCoopers LLP, commented, “Part of the solution to ensure better security is encrypting data and we see that there have been huge improvements in this area with regard to laptops, USB sticks and other removable media. But educating people is just as important and more companies than ever before now have a security policy, although only 19% of respondents from large organisations believed their policy is very well understood by staff. The root cause of this is that investment in security awareness training, while on the increase, is still often inadequate.”
It is encouraging that the number of organisations with a formal security policy is higher than ever. However, a security policy is only useful if staff understand and apply its contents. Getting the message out across a large organisation is a big challenge. Only one in five believe their policy is well understood.
Effective threat protection requires the right security behaviour
The rise in incidents is due to the more complex threats that have emerged over the last two years. Technical controls are no longer, in isolation, enough to protect organisations. A combination of people, technology and process is now required. This is particularly the case for large respondents who have experienced increasing numbers of serious confidentiality breaches.
NETconsent View
The survey suggests that security controls are lagging behind the use of new technology and security breaches are considered inevitable. Ensuring workers understand security threats and the potential impact on their organisation is therefore imperative. A security-conscious workforce creates the first line of defence against a diverse range of security threats.
NETconsent Compliance Suite provides the means to raise policy awareness, make it easier for managers to foster policy adherence and for auditors to measure policy compliance.
The latest release has many new features, including:
- Enriched management controls enabling close monitoring of policy uptake;
- Enhanced functionality that meets the strict governance needs of today’s heavily regulated organisations;
- Tighter integration with existing systems facilitating easier access to key corporate policy statements and supporting material, including procedures and elearning modules.
NETconsent also uniquely provides a comprehensive Implementation Methodology which helps organisations deliver the benefits of their solution in a timely and cost-effective manner. This methodology not only simplifies the technical installation but also engages with senior management to ensure corporate governance problems, resulting from poor policy management, are driven out. The result is a sustainable governance model which instils real cultural change and delivers clear proof of regulatory compliance.
Executive Summary of the PWC Information Security Breaches Survey 2010