Home > All, Vendor News > NEWS: 2010 Information Security Breaches Survey

NEWS: 2010 Information Security Breaches Survey

PricewaterhouseCoopers LLP has today released the 2010 Information Security Breaches Survey (ISBS) commissioned by Infosecurity Europe. It will come as no surprise that everything is up: breaches, cost of breaches, security budgets, understanding of risk and so on.

Almost half the organisations we polled told us they had increased their expenditure on information security in the last year and roughly the same number said they expected to spend more on it next year. At the same time most organisations (82% of large ones and 75% of smaller ones) assess information security risks now, compared to just 48% who did so in 2008. So organisations are getting better at understanding security risks in a changing business environment where a large majority of them are relying increasingly on external services hosted over the internet.

However, this focus is not translating into fewer breaches of security; in fact the number has risen to well over double what it was two years ago and has reached record levels for all sizes of organisation. All types of breach were on the increase and a conservative estimate is that the total cost of breaches to UK business in billions of pounds is now well into double figures.
Chris Potter, partner, OneSecurity, PricewaterhouseCoopers LLP

Part of the solution to ensure better security is encrypting data and we see that there has [sic] been huge improvements in this area with regard to laptops, USB sticks and other removable media. But educating people is just as important and more companies than ever before now have a security policy, although only 19% of respondents from large organisations believed their policy is very well understood by staff. The root cause of this is that investment in security awareness training, while on the increase, is still often inadequate.
Andrew Beard, director, OneSecurity, PricewaterhouseCoopers LLP

While not denying any of this, it seems to me that there is one simple statement that is being ignored: “We are spending more while losing more because the criminals’ ability to attack is increasing faster than our ability to defend.” Simple as that.

Full report

Categories: All, Vendor News
  1. April 29, 2010 at 10:38 am

    Well put Kevin.

    “although only 19% of respondents from large organisations believed their policy is very well understood by staff” caught my eye in your extract. So about 80% of organizations accept that their security policies are not well understood. What the hell are they doing? I bet management put a stack more effort into telling their shareholders how marvellous they are …

    Rgds,
    Gary

    Like

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s