Survey finds that U.K. enterprises suffer costly breaches
While the number of breaches has dropped, the costliness has increased
The number of security breaches at large U.K. companies dropped by half over the last two years as larger budgets have been allocated to that area, according to a government-commissioned study released Tuesday.
However, the incidents that do occur are taking a heavier financial toll. The survey estimated that the cost of security incidents to U.K. businesses is 50 percent higher than in 2004, amounting to £10 billion (US$17.9 billion) annually, according to The Information Security Breaches Survey, which polled 1,000 companies.
The study, conducted every two years, was commissioned by the U.K. Department of Trade and Industry and done by a consortium led by Pricewaterhousecoopers LLP. An abstract of the survey was released in March, and the full results were announced at the Infosec Europe 2006 conference in London.
Overall, the number of businesses with a security incident over the past year dropped from 74 percent to 64 percent, the survey said.
"That's good news," said Alun Michael, the minister of state for industry and the regions and member of Parliament. "But it's no cause for complacency."
Large businesses are still much more likely to have a security incident than small ones, and one that is more financially damaging. The survey found the worst incident for large enterprises cost an average of £90,000 (US$160,900). Including all sizes of businesses, the average is £12,000, up from £10,000 two years before.
Those figures may have prompted increased funding for security. Between 4 percent to 5 percent of IT budgets are dedicated to information security, up from 3 percent in 2004 and 2 percent in 2002.
Emerging technologies pose a threat to businesses, the survey said. One in five wireless networks has either no encryption or other protections. Some 25 percent of businesses are not protected against spyware, and 55 percent do not employ protection against threats carried on removable media devices, it said.
Forty percent of businesses allow their staffs to use Instant Messaging programs without controls over its use. Those businesses using VoIP (voice over Internet Protocol) have not evaluated its security risks, the survey said.
Reproduced from an article published by InfoWorld
© InfoWorld
The original article can be viewed here:
http://www.infoworld.com/article/06/04/25/77748_HNukbreaches_1.html
Permalink Bookmark Digg this story
