NEWS: 2010 Information Security Breaches Survey
PricewaterhouseCoopers LLP has today released the 2010 Information Security Breaches Survey (ISBS) commissioned by Infosecurity Europe. It will come as no surprise that everything is up: breaches, cost of breaches, security budgets, understanding of risk and so on.
Almost half the organisations we polled told us they had increased their expenditure on information security in the last year and roughly the same number said they expected to spend more on it next year. At the same time most organisations (82% of large ones and 75% of smaller ones) assess information security risks now, compared to just 48% who did so in 2008. So organisations are getting better at understanding security risks in a changing business environment where a large majority of them are relying increasingly on external services hosted over the internet.
However, this focus is not translating into fewer breaches of security; in fact the number has risen to well over double what it was two years ago and has reached record levels for all sizes of organisation. All types of breach were on the increase and a conservative estimate is that the total cost of breaches to UK business in billions of pounds is now well into double figures.
Chris Potter, partner, OneSecurity, PricewaterhouseCoopers LLP
Part of the solution to ensure better security is encrypting data and we see that there has [sic] been huge improvements in this area with regard to laptops, USB sticks and other removable media. But educating people is just as important and more companies than ever before now have a security policy, although only 19% of respondents from large organisations believed their policy is very well understood by staff. The root cause of this is that investment in security awareness training, while on the increase, is still often inadequate.
Andrew Beard, director, OneSecurity, PricewaterhouseCoopers LLP
While not denying any of this, it seems to me that there is one simple statement that is being ignored: “We are spending more while losing more because the criminals’ ability to attack is increasing faster than our ability to defend.” Simple as that.
Kevin Townsend 
Well put Kevin.
“although only 19% of respondents from large organisations believed their policy is very well understood by staff” caught my eye in your extract. So about 80% of organizations accept that their security policies are not well understood. What the hell are they doing? I bet management put a stack more effort into telling their shareholders how marvellous they are …
Rgds,
Gary
LikeLike