Security Breaches Costing UK Billions

The latest piece of research on security breaches in the UK highlights a number of alarming points, including the fact that one in seven large organisations has been hacked in the last year.

The 2012 Information Security Breaches Survey, authored by PwC in conjunction with Infosecurity Europe, questioned 447 UK businesses.

The figure of 70 per cent of companies having detected hackers within their systems is a record high since the survey began two decades ago.

On average, there were 54 "significant" attacks on each large organisation by an outsider, double the level seen in 2010. Small businesses faced one attack per month.

The average cost of the worst security breach a large business got hit by was pitched between £110,000 and £250,000, with the figure being £15,000 to £30,000 for small businesses. Yet PwC noted that a fifth of organisations spend less than 1 per cent of their IT budget on security.

Chris Potter, PwC information security partner, said: "The UK is under relentless cyber attack and hacking is a rising risk to businesses. The number of security breaches large organisations are experiencing has rocketed and as a result, the cost to UK plc of security breaches is running into billions every year. Since most businesses now share data with their business partners across the supply chain, these numbers are startling and make uncomfortable reading for business leaders.

"Large organisations are more visible to attackers, which increases the likelihood of an attack on their IT systems. They also have more staff and more staff-related breaches which may explain why small businesses report fewer breaches than larger ones. However, it is also true that small businesses tend to have less mature controls, and so may not detect the more sophisticated attacks."

Potter added: "If security is doing its job it goes unnoticed and it's hard to measure the business benefits, so investment in security often ends up losing out against other competing business priorities."