Half of UK firms lack handle on security breaches

Half of UK firms lack handle on security breaches

Summary: Forty-nine percent of UK companies do not know how many security breaches they have suffered in the past year

TOPICS: Security

Just under half of UK companies do not know how many security breaches they have experienced in the past year, according to research by accountancy firm PricewaterhouseCoopers.

By contrast, in China only seven percent of firms have no idea how many times they have been hacked or suffered a security breach in the past 12 months.

"The concern is, if you don't have a concrete view of how many security incidents you've had, how can you make informed choices around budgets and prioritisation of resources?" William Beer, PricewaterhouseCoopers (PwC) director of assurance, told ZDNet UK on Thursday.

Beer said that while most UK companies keep logs of intrusion into their system, many do not then look at those logs.

In addition, six out of 10 UK companies do not know where customer data is being held and transmitted, according to a survey undertaken by PwC.

"Clients are struggling with that in the UK," said Beer. "Government clients have certain obligations to fulfil, but we've seen instances of government organisations falling foul of the law."

The problem often lies with third party providers, said Beer. UK data protection law stipulates that sensitive customer data may not normally be stored outside the EU. However, many of the large cloud providers are based in the US, meaning that data can accidentally be sent to the wrong jurisdiction.

Beer recommended that businesses use data-tagging or tokenisation of sensitive data destined for the cloud, so that information will not unintentionally go astray.

The PwC survey, entitled Global State of Information Security, polled 7,000 security professionals around the world.

Last April, a PwC survey found that companies should not blame individual employees for data breaches

Topic: Security

Tom Espiner

About Tom Espiner

Tom is a technology reporter for ZDNet.com. He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to start the discussion