Skip to main content

93% of organisations suffered a data breach in 2013

Some 93 per cent of large organisations experienced a security breach last year, according to a new survey commissioned by the UK Government's Department for Business, Innovation and Skills (BIS).

This figure has remained largely unchanged since the 2012 report. However, smaller businesses saw an 87 per cent mark-up in data breaches, up from 76 per cent the year before. This supports the comments of some security experts, who claim that small to medium businesses have a false sense of cyber-security.

The overall numbers of attacks also increased, with large companies experiencing an average of 113 breaches, and smaller enterprises reporting an average of 17. Both of these numbers are up by almost 50 per cent on 2012 figures.

What's worse – the financial burden of data breaches and web-based security attacks has also increased. The worst security breaches are currently costing large companies an average of £450,000 to £850,000 each, while smaller businesses typically experienced losses of between £35,000 and £65,000.

These shocking costs are brought about by attacks originating both inside and outside the organisations affected.

Some 78 per cent of large organisations reported attacks from outside the business over the last year, with 39 per cent of those incidents being distributed denial of service (DDoS) attacks.

Something that enterprise leaders should be particularly aware of is the fact that 36 per cent of data breaches were down to simple human error, a figure that highlights the importance of proper training and education surrounding the risks facing the average member of staff.

While most large companies now have a written data security policy, understanding of these policies is often shamefully low, according to the survey's findings. Companies whose employees had been educated in the dangers of data breaches, and what they could do to prevent it, enjoyed a reduction in data breaches by as much as a half.

The findings are particularly relevant as the number of high-profile data breaches occurring in 2013 has been truly startling. Adobe, Australian dating company Cupid Media, racing news site The Racing Post, as well as JP Morgan, and even the UK Home Office have all suffered catastrophic data breaches in the last three months alone.