In July 2015 PwC published its latest annual breaches survey based on responses from 664 companies, all based in the UK but varying greatly in size and focus. Although almost half of those were companies with 500 or more employees that work within the professional services or technology sectors, small-to-medium sized businesses from almost all other sectors were also included.
Some of the more interesting findings in this survey were:
- 90% of large organisations reported that they had suffered a security breach (up from 81% in 2014).
- The cost of the worst security breach for a large organisation is in the average range of £1.46-£3.14 million (significantly up from £600k to £1.15 million in 2014).
- The cost of the worst security breach for a small organisation is in the average range of £75,000-£311,000 (up from £65,000 to £115,000 in 2014).
- 15% of large organisations had a security breach involving smartphones or tablets (up from 7% in 2014).
- The use of malware has increased significantly, affecting nearly 75% of large organisations and 60% of small organisations.
- 50% of the single worst breaches suffered by all organisations were attributable to human error (up from 31% in 2014).
- 33% of organisations had not conducted any form of security risk assessment.
- The trend in outsourcing certain security functions and the use of cloud computing and storage continue to rise.
This survey suggests that, for a large business, the risk of a breach is very high and for a small business, the costs of a breach could jeopardise its ability to continue operating.
The survey also suggests that most businesses do not have the skills or experience to undertake security risk assessments adequately and choose not to outsource this important task.
Failure to plan for a breach is likely to compound damage if a breach occurs and may also lead to allegations that the organisation failed to take appropriate measures to prevent data security breaches, as required by law.
Above all, these statistics show that both the number and cost of security breaches are rising, that businesses of all sizes and nature are at risk from hacking and that not enough is being done to combat these threats.