Half of UK firms lack handle on security breaches

Forty-nine percent of UK companies do not know how many security breaches they have suffered in the past year
Written by Tom Espiner, Contributor

Just under half of UK companies do not know how many security breaches they have experienced in the past year, according to research by accountancy firm PricewaterhouseCoopers.

By contrast, in China only seven percent of firms have no idea how many times they have been hacked or suffered a security breach in the past 12 months.

"The concern is, if you don't have a concrete view of how many security incidents you've had, how can you make informed choices around budgets and prioritisation of resources?" William Beer, PricewaterhouseCoopers (PwC) director of assurance, told ZDNet UK on Thursday.

Beer said that while most UK companies keep logs of intrusions into their systems, many do not then look at those logs.

In addition, six out of 10 UK companies do not know where customer data is being held and transmitted, according to a survey undertaken by PwC.

"Clients are struggling with that in the UK," said Beer. "Government clients have certain obligations to fulfil, but we've seen instances of government organisations falling foul of the law."

The problem often lies with third-party providers, said Beer. UK data protection law stipulates that sensitive customer data may not normally be stored outside the EU. However, many of the large cloud providers are based in the US, meaning that data can accidentally be sent to the wrong jurisdiction.

Beer recommended that businesses use data-tagging or tokenisation of sensitive data destined for the cloud, so that information will not unintentionally go astray.

The PwC survey, entitled Global State of Information Security, polled 7,000 security professionals around the world.

Last April, a PwC survey found that companies should not blame individual employees for data breaches.
