After several years of improvement, the frequency and severity of security breaches hitting UK organisations are back on the rise, according to PricewaterhouseCoopers (PwC).
The deteriorating trend is costing "billions of pounds", despite security remaining high on the management agenda and spending on it remaining resilient during the recession.
The 2010 Information Security Breaches Survey (ISBS), commissioned by Infosecurity Europe and written by PwC, reports that technology has continued to evolve rapidly through greater use of cloud computing and social networks. Public and private sector organisations appear to have a greater understanding of security risks and the need for assurance over them, yet most are ill-prepared to deal with them.
"Almost half the organisations we polled told us they had increased their expenditure on information security in the last year and roughly the same number said they expected to spend more on it next year," commented Chris Potter, a partner at PwC's OneSecurity.
"At the same time most organisations (82% of large ones and 75% of smaller ones) assess information security risks now, compared to just 48% who did so in 2008. So organisations are getting better at understanding security risks in a changing business environment where a large majority of them are relying increasingly on external services hosted over the internet.
"However, this focus is not translating into fewer breaches of security; in fact the number has risen to well over double what it was two years ago and has reached record levels for all sizes of organisation. All types of breach were on the increase and a conservative estimate is that the total cost of breaches to UK business in billions of pounds is now well into double figures."
Comparison with a similar survey carried out by PwC in 2008 shows a dramatic reversal of the declining trend in security breaches. Whereas 35% of those polled earlier said they had had a malicious security breach in the previous year, this time round the figures were 90% for large organisations (more than 250 employees) and 74% for small ones (up to 25 employees).
At the same time, the average number of breaches and their cost were also up on two years ago. Smaller businesses averaged 11 breaches (six in 2008), with their worst incident of the year costing up to £55,000 (£20,000) on average, while larger ones averaged 45 breaches (15), with the worst incident costing up to £690,000 (£170,000) each.
Most respondents were pessimistic about the future with 56% of large organisations and 43% of smaller ones expecting more incidents next year, back to levels last recorded in 2006.
Larger organisations are being bombarded with attacks:
62% were infected by a virus or malicious software in the last year (21% in 2008)
61% have detected a significant attempt to break into their network (31%)
15% have detected actual penetration by an unauthorised outsider into their networks in the last year (13%)
25% have suffered a denial of service attack (11%)
Protecting customer information remains the highest driver for security expenditure but an increasing number of serious confidentiality breaches were reported. Among large organisations 46% said they had had staff lose or leak confidential data, while 45% of confidentiality breaches were very or extremely serious (the equivalent figure for other breaches was just 15%).