Businesses urged to step up IT security

A new survey says that IT security breaches are costing the UK economy billions of pounds a year.

A total of 447 businesses were quizzed for the 2012 Information Security Breaches Survey (ISBS), carried out by PwC in conjunction with Infosecurity Europe and supported by the Department for Business, Innovation and Skills. Key findings of the survey, released on 24 April, included:

  • 93 per cent of large organisations and 76 per cent of small businesses had suffered a security breach in the last year
  • one in seven large organisations had been hacked in the last year, the highest level recorded since the survey began in the early 1990s
  • on average, each large organisation suffered 54 significant attacks over the year. Small businesses experienced an average of one attack a month
  • the average cost of a large organisation’s worst security breach of the year was £110,000-£250,000 and £15,000-£30,000 for a small business
  • on average, organisations spend eight per cent of their IT budget on information security but 20 per cent spend less than one per cent

Chris Potter, PwC information security partner, said: “The cost to UK plc of security breaches is running into billions every year. Large organisations are more visible to attackers, which increases the likelihood of an attack. However, it is also true that small businesses tend to have less mature controls, and so may not detect the more sophisticated attacks.”

Universities and Science Minister David Willetts, whose responsibilities include cyber security issues, said the government was investing £650 million to improve cyber security. He added: “The UK is a world leader in doing business online. This survey is a timely reminder for UK businesses to make sure their information systems are protected.”

Meanwhile, the Information Commissioner’s Office (ICO) has published new guidance on securely deleting information from old computer storage devices.

At the ICO’s request, computer forensics company NCC Group sourced around 200 hard drives, 20 memory sticks and 10 mobile phones, buying them mainly online from internet auction sites and some from computer trade fairs.

When searched, a total of 34,000 files containing personal or corporate information were recovered. At least two hard drives contained enough information to enable someone to steal the former owner’s identity and four others contained information about the employees and clients of four organisations, including health and financial details.

Information Commissioner Christopher Graham said: “People are in danger of becoming a soft touch for online fraudsters simply because organisations and individuals are failing to ensure the secure deletion of the data held on their old storage devices.”

The ICO guidance, published on 25 April, is designed to help individuals securely delete information. The ICO will publish more detailed guidance for organisations shortly.

Link: More details of the Information Security Breaches Survey

Link: ICO guidance on deleting data