BreachExchange mailing list archives

InfoSec 2014: Cost Of Serious Security Breaches Almost Doubles In A Year


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 30 Apr 2014 18:29:47 -0600

http://www.techweekeurope.co.uk/news/infosec-2014-cost-serious-security-breaches-almost-doubles-year-144711

The number of serious cyber security breaches suffered by UK businesses has
decreased in 2014 but their cost has increased dramatically, according to
an annual study of the security landscape commissioned by the UK government.

The study also found that small businesses were hit hardest by this new
trend, and the majority of respondents were pessimistic, expecting the
number of breaches to go up again in the near future.

“We as the UK government take very seriously. We pride ourselves on having
a particularly large and growing online economy, with the Internet
accounting for eight percent of our GDP, so it’s important that we maintain
consumer confidence in businesses online, and it’s one of the crucial
reasons for our national Cyber Security Strategy,” said David Willetts,
Minister for Universities and Science, who announced the results of the
survey at the InfoSec 2014 conference.

Dangerous times

According to the Information Security Breaches Survey conducted by PWC, the
average cost of the worst breach of the year for a large organisation stood
at £450,000 to £850,000 in 2013. But this year it has increased
considerably, averaging from £650,000 to £1.15 million.

The situation is even worse for small businesses – in 2013, they paid
£35,000 to £65,000 for the worst breach of the year. This year, the costs
have grown, with the bill totalling somewhere between £65,000 and £115,000.

At the same time, the number of organisations that were successfully
attacked or suffered from data loss has decreased by about five percent, and
even those organisations which were breached repeatedly reported an
improvement over 2013.

Other trends include an increase in malware attacks – the number of large
organisations that were infected by viruses or malware has increased from
59 percent to 73 percent, while Distributed Denial of Service (DDoS)
attacks are exactly as popular as they were in 2013.

Sixteen percent of large organisations and four percent of small businesses
said they are aware that an outsider had successfully penetrated their
network and stolen intellectual property or confidential information in the
past year.

Even though cyber security has been gaining more attention in the
mainstream media, the coverage of major security breaches like those at
Target or Adobe shows “just the tip of the iceberg” – only 30 percent of
respondents said they have disclosed their worst breaches to the public.

There have also been some genuinely positive findings – overall investment
in security as a portion of IT budget is increasing across all industries,
even those that traditionally have very small IT budgets.

The number of staff-related breaches has gone down across all
organisations, and the report found that education was key. Seventy percent
of companies where security policy was poorly understood had suffered
staff-related breaches, versus 41 percent at companies where it was
understood well.

The report also highlights an improvement in access to skills and resources
– 56 percent of organisations said they feel well-equipped to deal with
security threats, versus 53 percent a year ago.

While presenting the findings at InfoSec, Willetts said that the UK cyber
security market was not just about protecting domestic companies, but also
creating security products and services. He congratulated the seven winners
of the Severn Valley Cyber Security Launchpad – a start-up initiative run
by the Technology Strategy Board – and said that the government was aiming
to increase the UK’s cyber security exports to £2 billion a year by 2016.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 