70% of businesses unable to count cost of a security breach

The majority of businesses are unable to count the cost of a security breach, suggests new research commissioned by data security firm CipherCloud. According to the survey of over 300 business decision makers in UK companies across financial services, healthcare and government, almost 70% of respondents were unable to estimate the cost of a security breach. This was despite admitting they had concerns about security risks when it comes to putting their information in the cloud.

Despite the frequent public announcements about information being breached by cloud threats, including malicious hackers, accidental leakage, and even insiders at cloud application providers, the percentage of senior business decision makers unable to estimate the cost was surprisingly high in relation to the adverse impact on their organisations.

Asked what concerns they had regarding their organisations’ sensitive information being in the cloud, they indicated the following fears (in order of priority):

• Security and risk of data breaches – 44%
• Loss of control over data – 33%
• Data residing under foreign jurisdiction control – 23%
• EU Data Protection Act – 17%
• Other regulatory compliance requirements – 10%

Current use and future implementation of cloud-based applications - key findings

• Business tools (sales, marketing, HR and procurement) are being used by 12% with 15% planning to migrate

• Data storage and archiving is already being used by 16% of respondents with a further 17% looking to adopt a cloud-based approach in the next 1-12 months

• Communications applications (e.g. email, contacts, calendars) are being used by 14% of businesses with a further 20% adopting them over the same time period

• Collaboration tools and shared document services (e.g. Dropbox, Box) are being used by 11% with 20% planning to migrate

• Internal applications and portals (e.g. travel and finance) are being used by 9% with 19% migrating in the next 1-12 months.

European legislation is expected to address cloud security in 2013/2014 as the EU Data Protection Reform is scheduled to move into legislation. Recently published Information Commissioner’s Office (ICO) guidelines underline that companies remain responsible for personal data, even when passed to cloud network and services providers. Organisations failing to protect private data can be fined up to £500,000 per incident by the ICO.

Research for this report was conducted between 15/11/2012 and 23/11/2012.
