Infosec 2010: Breaches Cost More Than Volcano
IT security breaches in 2009 doubled to around £10bn – five times the cost of the volcanic ash cloud
The cost to the UK from security breaches is more than five times that of the recent flight disruption caused by the Icelandic volcano, according to management consultants PricewaterhouseCoopers.
Announcing the release of the latest iteration of its Information Security Breaches Survey at the Infosecurity Show in London this week, Chris Potter, information security assurance partner from PWC, described the results as “gloomy”.
Breaches cost £10 billion
According to the report, which is supported by the Department for Business, Innovation and Skills (BIS) and organisations including the British Computer Society, the total cost to the UK from security incidents was £10 billion in the last year. The survey was based on information collected from more than 500 companies recorded in February this year.
“The best estimate we would have is that in 2008 the total cost to UK was £5 billion and our best estimate for 2010 is at least £10 billion and that is a big sum of money,” he said. “To put it in context I saw the papers this morning put the cost of the volcanic eruption at £2 billion.”
Potter also alluded to the arguments among politicians in the run-up to the general election on 6 May over budget. “The political TV debates have seen the leaders arguing about 6bn in cuts and here we have £10bn in wasted cost relating to security breaches,” he said.
The report put the average cost of the worst breach for large companies at between £280,000 and £690,000. For smaller companies this figure was between £27,500 and £55,000.
Worst In Ten Year History
PWC said that the latest survey recorded the highest number of security breaches in its more than ten-year history. “The bad news is that we are seeing levels of security breaches that are at highest levels ever for large and small organisations,” said Potter.
He added that overall companies were faced with tough challenges protecting their organisations from security breaches. “The overall context is pretty gloomy really. It is not just the number of organisations affected that has gone up. If you take large respondents then the medium number of breaches has gone up from 15 to 45 breaches in the last year,” he said.
But PWC also urged caution in accepting the figures at face value and admitted that there are always issues with extrapolating from a relatively small pool of respondents.
“There should always be an element of a pinch of salt. There is some inherent uncertainty in extrapolating these figures,” said Potter.
Other findings from the survey include the fact that virus and other malicious software attacks have risen by almost three times since last year’s survey. PWC also pointed to the rapid adoption of some new technologies as potentially contributing to the vulnerabilities experienced by companies, particularly small businesses.
“We have seen rapid adoption of technology among small organisations. Small companies’ adoption of wireless has doubled over two years and use of VOIP has almost tripled in that time,” said Andrew Beard, PWC information security advisory director.
The survey also showed that around 69 percent of large companies are using virtualisation technology. The PWC consultants pointed to the lag between rolling out new technology and securing it.
“We have seen in the past that rapid adoption of technology does not lead to such rapid adoption of controls to protect that technology,” said Beard.
Adding to the cost of security breaches, the Information Commissioner now has the power to fine those who lose data up to £500,000 and is pushing for prison sentences for data thieves.