Where am I? >
Home >
News >
Hacking

Cost of each security breach - £77,000

IT departments struggling to keep up

vnunet.com, 18 Mar 2002

Each security breach costs UK businesses an average of £77,000, according to a survey by consultants KPMG.

The consultancy conducted its first global survey of 641 senior IT executives at companies with turnover greater than $50m (£35m). Eighty came from the UK.

The highest reported loss in the UK was $2.9m (£2m), compared to $10m (£7.02m) worldwide, and all the companies racked up over 700 incidents between them in the last year.

Robert Coles, information security partner at KPMG, said the threats are becoming more complex and from different sources.

"The threats are increasing exponentially and the IT department is struggling to keep up," he said.

Virus incidents were the most common, with 61 per cent of companies falling victim and costing organisations an average of $162,000 (£113,700) and 68 days of lost work.

The next biggest threat was not hacking and denial of service attacks but the physical theft of computer equipment from users.

In Europe almost half of users (44 per cent) reported theft of kit at an average cost of $98,000 (£68,700) and 18 days downtime during the year. This compared to a worldwide figure of 38 per cent.

Coles said the lack of experienced and qualified security staff in the market is also a problem for companies. The survey found 73 per cent of security staff are unqualified.

"It reflects the relative immaturity of security as a profession. It attracts people from IT and various other different backgrounds who are qualified by experience alone," he said.

The introduction of new technologies is also causing the IT department security headaches, the survey said.

Over a third of companies with wireless networks did not protect them with strong enough encryption, and 80 per cent of those that allowed staff to connect PDAs to the corporate network did not have control software.

"It is so easy to put them in that many organisations are not even certain how many wireless connections there are in the company," said Coles.

Unsurprisingly the financial services sector was found to be the most secure, with slightly lower levels of incidents.

This is because the industry tends to use public key infrastructure (PKI) and intrusion detection products more than other sectors, claims Coles.

But users are still spending huge amounts on security and in Europe the average spend on security was $3.4m (£2.4m), accounting for almost 10 per cent of the IT budget.