
It's never easy calculating the true cost of inadequate security to business, not least as there are so many variables and such reticence when it comes to full disclosure for fear of brand damage. However, the latest Information Security Breaches Survey (ISBS) from PwC/Infosecurity Europe has had a good bash at it, at least as far as the UK is concerned, and the answer is breathtakingly big: billions of pounds. And that was just last year!

According to the survey, which investigated a total of 447 UK-based businesses, the number of large enterprises being hacked into is at an all-time high right now with one in seven experiencing a breach of some kind during the last year. While the smaller business can expect a 'significant outsider attack' at the rate of one per month, that increases to one per week for the larger organisation.

That one in seven detecting hack attacks figure represents the highest level recorded since the PwC/Infosecurity Europe survey started back in the early 1990s which signals either a lack of security awareness from the defence perspective or a jump in attack methodology from the hacking side of the fence, and possibly a bit of both. Certainly the hackers are getting more active, as another record figure reveals: 70% of large companies have detected 'significant attempts' to break into their networks. The fact that these are attempts which have been spotted, and one assumes stopped, does at least show that defence systems can be properly implemented.

Which is just as well when you understand that each large enterprise saw some 54 'significant attacks' by an 'unauthorised outsider' during the year, and that's twice as many as they were experiencing in 2010. When it comes to successful hacks, 15% of those large enterprise defences were penetrated at an average cost of between £110,000 and £250,000. Smaller businesses were faced with an average cost, in terms of disruption, brand damage and clear up of between £15,000 and £30,000.

If you look further than just hack attacks, then the picture gets even worse: broaden the security breach definition to include data loss events and computer fraud, and 93% of large companies and 76% of small ones had experienced at least one.

Chris Potter, a security partner at PwC, reckons that “the UK is under relentless cyber attack and hacking is a rising risk to businesses. The number of security breaches large organisations are experiencing has rocketed and as a result, the cost to UK plc of security breaches is running into billions every year.”

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.

When it comes to successful hacks, 15% of those large enterprise defences were penetrated at an average cost of between £110,000 and £250,000. Smaller businesses were faced with an average cost, in terms of disruption, brand damage and clear up of between £15,000 and £30,000.

Wow, that's a lot of pounds. I am really curious what kind of group is targeting UK business.

I mean, the UK economy is not as bad as the US economy, but still, somebody must have really rubbed one of those hackers the wrong way.
