Increase in security breaches and greater costs of breaches in UK according to PwC report

June 13, 2015

PricewaterhouseCoopers have released a report, the 2015 Information Security Breaches Survey, a survey of breaches over the last 12 months in the United Kingdom. The results are broadly consistent with other reports relating to data breaches, such as the 2015 report by Verizon.

The PwC report highlights the ongoing problem of data breaches for organisations but also the relative lack of coordinated and properly funded responses by many organisations. Human error resulting in data breaches remains a problem, which bespeaks a lack of training, management controls and monitoring. Intentional breaches by insiders remain a chronic problem.

Some of the other findings are:

  • 90% of large organisations had a security breach, up from 80% in the previous year; 74% of small organisations had a security breach, up from 60% a year ago.
  • 59% of respondents expect there will be more security incidents in the next year than last year
  • the average cost of a data breach for a large organisation was £1.46m – £3.14m, up from £600k – £1.15m a year ago
  • the average cost of a data breach for a small organisation was £75k – £311k, up from £65k – £115k a year ago
  • 69% of large organisations were attacked by an unauthorised outsider in the last year, up from 55% a year ago.
  • 38% were attacked by an unauthorised outsider in the last year, up from 33% a year ago.
  • 30% of large organisations were hit by DoS attacks in the last year, down from 38% a year ago
  • 16% of small organisations were hit by DoS attacks in the last year, the same as 16% a year ago
  • 75% of large organisations suffered staff related security breaches in the last year, up from 58% a year ago
  • 31% of small organisations suffered staff related security breaches in the last year, up from 22% a year ago.
  • 50% of the worst breaches in the year were caused by inadvertent human error, up from 31% a year ago.
  • 72% of large organisations provide ongoing security awareness training to their staff, up from 68% a year ago
  • 63% of small organisations provide ongoing security awareness training to their staff, up from 54% a year ago
  • 33% of large organisations say responsibility for ensuring data is protected is not clear
  • 72% of companies where the security policy was poorly understood had staff related breaches.
  • 28% of the worst security breaches were caused partly by senior management giving insufficient priority to security, up from 7% a year ago
  • 44% of large organisations increased information security spend in the last year, down from 53% a year ago.
  • 44% of small organisations increased information security spend in the last year, up from 27% a year ago

Some of the key findings of the Verizon report are:

  • there were 79,790 security incidents, of which 2,122 had confirmed data loss
  • the top three industries affected are Public, Technology/Information, and Financial Services, the same as the previous year.
  • in 70% of the attacks where the motive for the attack is known there is a secondary victim, the intent of the first attack being to advance a different attack against another victim.
  • the proportion of breaches discovered within days still falls well below that of time to compromise, even with the “detection deficit” being the smallest recorded in the last decade.
  • 23% of recipients now open phishing messages and 11% click on attachments
  • nearly 50% of users open emails and click on malicious links within the first hour.
  • 28.5% of data breaches, in the form of compromises, are attributed to point-of-sale attacks, and 18.8% are attributed to crimeware and cyber-espionage respectively. Privilege misuse accounts for 10.6% and web applications for another 9.4%. The balance is due to miscellaneous errors. When breaches involve security incidents, miscellaneous errors account for 29.4% of incidents, crimeware for 25.1% and privilege misuse some 20.65%.
