Infosec: Hacking Of Big Business Hits Record Level

Thomas Brewster,

Successful cyber attacks on big companies hits an all-time high, as science minister David Willetts calls for greater awareness in the private sector

Hackers cost the UK billions over the past year, as one in seven firms admitted to having cyber criminals breach their networks, research from InfoSecurity 2012 has shown.

That is the highest level of successful hacking of big businesses since PwC started surveying the market in the early 1990s. In another record high, 70 percent of large organisations said they had detected significant attempts to break into their networks in the last year.

This has cost UK plc billions in the last year alone, PwC claimed today at InfoSecurity Europe 2012. The average cost of a large organisation’s worst security breach of the year stood at between £110,000 and £250,000, although that was down from the previous survey.

Inside, outside threats

The findings come from the Information Security Breaches Survey (ISBS), which also showed 80 percent of large organisations in the UK suffered security breaches because of staff. This shows how big businesses are being hit on a massive scale by internal and external sources.

The survey took data from 447 UK businesses and was supported by the government’s Department for Business, Innovation and Skills. It also showed 93 percent of large organisations and 76 percent of small businesses were hit by a security breach in the last year.

It seems the message is not getting through to IT teams, however, who still spend a minimal amount of budget on protecting their infrastructure. A fifth spend less than one percent of their IT budget on data security, whilst just 39 percent encrypt data downloaded to smart phones and tablets.

Universities and science minister David Willetts (pictured) was on hand to talk about the results at InfoSec 2012, saying the government was very keen to work with businesses on upping their security.

“I’m still shocked by the number of companies who don’t recognise the importance of protecting their IP,” Willetts said during his keynote at InfoSecurity Europe 2012. “We certainly have still got a lot to do but we have some strengths over others.”

Willetts claimed the UK had an advantage by not treating cyber defence as a solely military issue. “We don’t treat cyber security as solely a government responsibility. We recognise private sector has a huge role to play… We believe partnership with private sector is vital if we are to get this right,” he added.

He also encouraged businesses to be more open about cyber attacks on their infrastructure, so that others can learn about threats and vulnerabilities.

“I would urge companies to be frank about what’s happened. I want to see British businesses, in whatever sector of the economy they are in, to be much more open,” he added.

“We are trying systematically to get the message across.”

Think you know security? Test yourself with our quiz!