UK firms still failing to stem data leaks

Most companies are not adequately protecting sensitive information

Nearly three-quarters of UK organisations have been hit by at least one data breach in the past year, despite most now recognising the importance of good data protection as part of a risk management strategy, according to encryption firm PGP Corporation.

The vendor's annual UK Enterprise Encryption Trends study, carried out by research firm Ponemon Institute and released tomorrow, found that 70 per cent of organisations suffered one or more breaches in the past year, up from 60 per cent the previous year.

Multiple breaches have also become more common, according to the survey. Some 12 per cent of respondents admitted to more than five data loss incidents, up from just three per cent last time.

Nearly half thought that encryption was a critical factor in helping to protect their company's reputation, while 51 per cent said that encrypting data on mobile devices was 'important' or 'very important'.

Public sector organisations suffered the highest number of data loss incidents, at an average of 4.48 breaches each, while financial firms came second with an average of 3.11.

PGP chief executive Philip Dunkelberger warned that the government may intervene with intrusive legislation if companies do not shore up their defences adequately. But he added that the responsibility lies with security vendors and end-user organisations.

"If industry doesn't do something about this loss of data the governments, who aren't technical or deal with businesses, will come in and regulate them even more," he said. "But as an industry we've got to do better at making things easier to use and more capable."

Dunkelberger added that organisations need to train staff adequately, and to understand and classify data according to how serious it would be if lost.

"I still don't think people have had a call to action yet," he said. "We're seeing businesses who know better but they're still not doing anything about it. "