93% of organisations suffered a data breach in 2013

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.itproportal.com/2013/12/16/93-of-organisations-suffered-a-data-breach-in-2013/

Some 93 per cent of large organisations experienced a security breach last
year, according to a new survey commissioned by the UK Government's
Department for Business, Innovation and Skills (BIS).

This figure has remained largely unchanged since the 2012 report. However,
smaller businesses saw an 87 per cent mark-up in data breaches, up from 76
per cent the year before. This supports the comments of some security
experts, who claim that small to medium businesses have a false sense of
cyber-security.

The overall numbers of attacks also increased, with large companies
experiencing an average of 113 breaches, and smaller enterprises reporting
an average of 17. Both of these numbers are up by almost 50 per cent on
2012 figures.

What's worse – the financial burden of data breaches and web-based security
attacks has also increased. The worst security breaches are currently
costing large companies an average of £450,000 to £850,000 each, while
smaller businesses typically experienced losses of between £35,000 and
£65,000.

These shocking costs are brought about by attacks originating both inside
and outside the organisations affected.

Some 78 per cent of large organisations reported attacks from outside the
business over the last year, with 39 per cent of those incidents being
distributed denial of service (DDoS) attacks.

Something that enterprise leaders should be particularly aware of is the
fact that 36 per cent of data breaches were down to simple human error, a
figure that highlights the importance of proper training and education
surrounding the risks facing the average member of staff.

While most large companies now have a written data security policy,
understanding of these policies is often shamefully low, according to the
survey's findings. Companies whose employees had been educated in the
dangers of data breaches, and what they could do to prevent it, enjoyed a
reduction in data breaches by as much as a half.

The findings are particularly relevant as the number of high-profile data
breaches occurring in 2013 has been truly startling. Adobe, Australian
dating company Cupid Media, racing news site The Racing Post, as well as JP
Morgan, and even the UK Home Office have all suffered catastrophic data
breaches in the last three months alone.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security offers security intelligence, risk management services and customized security solutions. The 
YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk 
mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.