U.K. enterprises suffer costly breaches
Number of incidents down by half, but remainder are more damaging
April 25, 2006 12:00 PM ETIDG News Service - The number of security breaches at large U.K. companies dropped by half over the last two years as larger budgets have been allocated to that area, according to a government-commissioned study released Tuesday.
However, the incidents that do occur are taking a heavier financial toll. The survey estimated that the cost of security incidents to U.K. businesses is 50 percent higher than in 2004, amounting to $17.9 billion annually, according to The Information Security Breaches Survey, which polled 1,000 companies.
The study, conducted every two years, was commissioned by the U.K. Department of Trade and Industry and done by a consortium led by Pricewaterhousecoopers LLP. An abstract of the survey was released in March, and the full results were announced at the Infosec Europe 2006 conference in London.
Overall, the number of businesses with a security incident over the past year dropped from 74% to 64%, the survey said.
"That's good news," said Alun Michael, the minister of state for industry and the regions and member of Parliament. "But it's no cause for complacency."
Large businesses are still much more likely to have a security incident than small ones, and one that is more financially damaging. The survey found the worst incident for large enterprises cost an average of £90,000 (U.S.$160,900). Including all sizes of businesses, the average is $21,453, up from $17,878 two years before.
Those figures may have prompted increased funding for security. Between 4% and 5% of IT budgets are dedicated to information security, up from 3% in 2004 and 2% in 2002.
Emerging technologies pose a threat to businesses, the survey said. One in five wireless networks has either no encryption or other protections. Some 25% of businesses are not protected against spyware, and 55% do not employ protection against threats carried on removable media devices, it said.
Forty percent of businesses allow their staffs to use instant messaging programs without controls over its use. Those businesses using VoIP (voice over Internet Protocol) have not evaluated its security risks, the survey said.
Reprinted with permission from
Story copyright 2009 International Data Group. All rights reserved.
instant messaging programs
Additional Resources



White Papers & Webcasts
Death to PST Files
Download Now
The Tangled Web: Silent Threats & Invisible Enemies
Download Now
Tape Killed the IT Guy
Watch Now
Forrester Consulting Mobility Study: Taking Control of Enterprise Mobile Device Diversity
Download Now
BRM: What You Can Do To Reduce Risk In Challenging Times
Watch this webcast now!
What IT Must Do to Support Employee-Owned BlackBerry, iPhone and Android Mobile Devices
Download Now
Web 2.0, Social Media and the Dark Web - A Web Criminals Paradise?
In this discussion, learn about the challenges of protecting your users from the potentially unsafe content hidden in the "Dark Web".
eGuide: Enterprise Security
Smart Security Strategies for 2010. Read now!
Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...

