The 2015 information security breaches survey was commissioned by the UK government, and conducted by PwC. The executive summary highlights the following points:
- 90% of large organisations reported that they had suffered a security breach, up from 81% in 2014.
- The majority of UK businesses surveyed, regardless of size, expect that breaches will continue to increase in the next year. The survey found 59% of respondents expected to see more security incidents. Businesses need to ensure their defences keep pace with the threat.
- For companies employing over 500 people, the ‘starting point’ for breach costs – which includes elements such as business disruption, lost sales, recovery of assets, and fines & compensation – now commences at £1.46 million, up from £600,000 the previous year. The higher-end of the average range also more than doubles and is recorded as now costing £3.14 million (from £1.15 in 2014).
- Large and small organisations appear to be subject to greater targeting by outsiders, with malicious software impacting nearly three-quarters of large organisations and three-fifths of small organisations. There was a marked increase in small organisations suffering from malicious software, up 36% over last years’ figures
- Staff-related breaches feature notably in this years’ survey. Three-quarters of large organisations suffered a staff-related breach and nearly one-third of small organisations had a similar occurrence (up from 22% the previous year).
- When questioned about the single worst breach suffered, half of all organisations attributed the cause to inadvertent human error.