All the latest UK technology news, reviews and analysis
|
|
|
21 Mar 2011
The cost of a data breach has risen for the third time in consecutive years to reach on average £1.9m, with malware-related hostile attacks causing significant damage, according to the latest annual research from Symantec.
The firm's 2010 UK Cost of A Data Breach report was previously undertaken by encryption firm PGP, which was bought by the security giant last year.
It found the cost of a data breach in the UK had risen 13 per cent year-on-year to an average of £71 per record.
The incident size ranged from 6,900 to 72,000 records, with the cost of each breach varying from £36,000 to £6.2m. The most expensive incident increased by £2.3m compared to 2009.
So-called hostile attacks were the most expensive for firms to deal with as they have to pay for things like detection and notification and also risk losing customers due to diminished trust.
These were also the fastest growing form of threats, increasing in volume by 22 per cent from the previous year, according to Symantec European product marketing director, Robert Mol.
"Breach costs are getting more expensive and the breaches are getting more effective because of the sophistication and the professionalism involved," he explained.
The most common form of threat was system failure, accounting for 37 per cent of incidents, while negligence came in second with 34 per cent.
However, an increasing concern for those surveyed was the threat from insecure mobile devices connecting to the corporate network. Some 64 per cent of those studied said they recognised this risk, while a whopping 84 per cent said that insecure mobile devices were likely to have accessed corporate data.
"Mobile devices are a growing cause of concern because of their ability to carry confidential information," said Mol.
"The consumerisation of IT means users can use their personal devices to become more efficient at work but in that case IT needs to protect these devices."
Encryption, data loss prevention and anti-malware tools are widely regarded as the major technological components of an effective data security strategy.
Visit our latest poll to tell us your experience of data breaches.
Latest stories from Security
Related videos
Related articles
Related jobs
Poll
Are you confident that the UK's IT infrastructure is secure from attack in the wake of the Flame malware revelations?
V3 examines the key strengths and weaknesses of Samsung's latest iPhone killer
Connect with V3.co.uk
Social networking is almost ubiquitous. This white paper examines the benefits and risks and it looks at the different ways companies can reconcile them
The importance of understanding your infrastructure
Flash Developer- Actionscript 3.0, AJAX, JSON, computer...
Business Analyst - Risk platform - Equity Derivatives...
Java Developer - Algorithmic Trading - Global Trading...
Junior Middle Office Project Manager, Treasury, IB...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
Laptop Locks - Your First Line of Defense
I agree Data Breaches remain a major concern for both enterprise and the public. Yet organisations & individuals are still not taking sufficient measures to reduce the risk of Laptop theft which in turn reduces the risk for data breaches. With 9 out 10 organisations experiencing laptop theft in and outside the secure office environment physical security should be a priority purchase and using locks compulsory to protect valuable data stored on hard drives & virtual servers.
Posted by: Stephen Hoare 21 Mar 2011
Data breaches have a real cost to organisations
The latest data from the Ponemon Institute serves as a stark reminder of the costs of lax data security to UK businesses. Failure to clamp down on data security has real and painful consequences for any organisation, putting jobs at risk, generating lasting bad press and eroding what are already fragile revenues in the current economic climate. Worryingly, the significant figure of £1.9 million average cost per incident, or £71 per compromised record, does not account for the ability of the Information Commissioner’s Office to fine companies in the UK up to £500,000 for each instance of a data protection failing is taken into account. The growth in the cost of a data breach represents the knock-on effect of increased mobile device use in the workplace, including removable storage, as well as an increasingly lax attitude to protecting not only removable storage devices but data in all its forms. Some 64 per cent of those surveyed by Ponemon acknowledged the risk post by mobile devices to data security, while 84 per cent said that insecure mobile devices were likely to have accessed corporate data in some form. Fortunately, the Ponemon Institute report shows investment is increasing as companies look to correct such oversights before they become systemic. The value of such an investment is certainly attractive in comparison to the costs of a data breach.
Posted by: Tom Colvin, Chief Technology Officer, Conseal Security 21 Mar 2011
Organisations need to better understand the source of risk
Once again, UK data breach costs are rising, to an average of £71 per record. Data breaches can create catastrophic bad press and can have a painful impact on the bottom line. Coupled with the new powers of the Information Commissioner’s Office to fine companies in the UK upwards of £500,000 for each instance of a data protection failing, the final overall cost of a breach or loss could very quickly dwarf the £1.9 million revealed by this. The fact that policy failures accounted for the biggest proportion, 37%, indicates that while companies are heavily investing in intrusion prevention, they are not properly managing access by their own employees to critical data such as customer information or patient records. Organisations need to better understand where their greatest sources of risk reside as well as who is accessing sensitive data, how and why. It is the organisation’s responsibility to stringently manage policy and track activity to make sure that access to the most sensitive data is only granted to those for whom it is necessary to do their jobs. Marc Lee, EMEA Sales Director, Courion
Posted by: Marc Lee, EMEA Sales Director, Courion 21 Mar 2011