It's never easy calculating the true cost of inadequate security to business, not least as there are so many variables and such reticence when it comes to full disclosure for fear of brand damage. However, the latest Information Security Breaches Survey (ISBS) from PwC/Infosecurity Europe has had a good bash at it, at least as far as the UK is concerned, and the answer is breathtakingly big: billions of pounds. And that was just last year!
According to the survey, which investigated a total of 447 UK-based businesses, the number of large enterprises being hacked into is at an all-time high right now, with one in seven experiencing a breach of some kind during the last year. While the smaller business can expect a 'significant outsider attack' at the rate of one per month, that increases to one per week for the larger organisation.
That figure of one in seven detecting hack attacks represents the highest level recorded since the PwC/Infosecurity Europe survey started back in the early 1990s, which signals either a lack of security awareness from the defence perspective or a jump in attack methodology from the hacking side of the fence, and possibly a bit of both. Certainly the hackers are getting more active, as another record figure reveals: 70% of large companies have detected 'significant attempts' to break into their networks. The fact that these are attempts which have been spotted, and one assumes stopped, does at least show that defence systems can be properly implemented.
Which is just as well when you understand that each large enterprise saw some 54 'significant attacks' by an 'unauthorised outsider' during the year, and that's twice as many as they were experiencing in 2010. When it comes to successful hacks, 15% of those large enterprise defences were penetrated at an average cost of between £110,000 and £250,000. Smaller businesses were faced with an average cost, in terms of disruption, brand damage and clear-up, of between £15,000 and £30,000.
If you look further than just hack attacks, then the picture gets even worse: broaden the security breach definition to include data loss events and computer fraud, and 93% of large companies and 76% of small ones had experienced at least one.
Chris Potter, a security partner at PwC, reckons that “the UK is under relentless cyber attack and hacking is a rising risk to businesses. The number of security breaches large organisations are experiencing has rocketed and as a result, the cost to UK plc of security breaches is running into billions every year.”