2015 Security Breaches Report
The latest PWC Information Security Breaches Survey commissioned by HM Government shows that security breaches continue to grow in number and impact across large and small business alike.
The report sampled large and small business across the UK and in both size categories the rise in breaches is significant. Some security commentators say that almost all large business have suffered a breach but just don’t know that they have – potentially a more worrying statistic.
Of those surveyed 59% expect the number of security incidents to grow over the coming 12 months and will continue to increase their spend to seek better protection through technology and people skills.
The impact on businesses will inevitably be measured in terms of additional costs, lost sales and reputational damage. The smaller business often suffer disproportionately more and with some businesses unable to sustain the damage caused and never recover.
The nature of breaches are changing with attacks from externals sources continue to grow. Larger businesses are more prone to attack although smaller businesses may simply not know that they have been attacked as the available budget and resource to monitor attacks is not available. The ‘Denial of Service’ type of attack is continuing to reduce from a high point in 2013.
Whilst external attacks continue to play a large part in the breaches recorded, the Human Factor remains a big issue for large businesses in particular. The need to ensure that a security culture is developed and maintained within a business is ever more present. The acceptance of unexpected emails and the opening of their attachments is a key contributor to a breach where malware is installed and access to systems provided to cyber criminals.
There are clear business benefits to be gained from developing and maintaining a Cyber Security strategy and include:- less disruption caused by breaches; confidence that the business can protect valuable data, both that of the business and of its clients; ability to secure contracts requiring security standard accreditation; and many others.