Security breaches cost UK billions, says PwC

UK information security incidents are at an all-time high, and are costing UK businesses billions per year, according to auditing house PricewaterhouseCoopers.

Hacks, attacks, and insider data mistakes cost the UK between £5bn and £10bn last year, according to PwC One Security partner Chris Potter — who added the proviso that the figure needed to be taken with a pinch of salt due to difficulties in quantifying that kind of loss.

"Most organisations had malicious breaches," Potter told the Infosecurity 2012 conference on Tuesday. "Security breaches reached an all-time peak."

Fifteen percent of organisations were hacked last year, and 91 percent were attacked. The cost of the worst security breaches organisations suffered was between £110,000 and £250,000, PwC said in its 2012 Information Security Breaches Survey.

Many organisations are not planning for future business developments in present security strategies, Potter said.

"We tend to fight yesterday's battles today," said Potter.

'Bring Your Own Device' is one example of a future battleground that could catch organisations out, Potter told ZDNet UK.

"A particular area of concern is around mobile," said Potter. "[Firms] have to have a clear strategy, decide which systems devices should have access to, have authentication controls in place, and perhaps two-factor authentication if the device gets lost."

Forty-five percent of organisations surveyed admitted to breaching the UK Data Protection Act. Potter told ZDNet UK that most of the breaches were 'serious', but many were down to inadequate staff training.