Seven in 10 UK businesses hit by data breach

gallery

Seven in 10 organisations in the UK have been hit by at least one data breach, a report has shown.

In the last 12 months, 88 per cent of global organisations had suffered at least one data breach, representing a rise of three per cent from 2009, the Symantec-sponsored Ponemon Institute research found.

Furthermore, the number of businesses affected by over five breaches has risen, again up by three per cent over 2009 and 12 per cent from 2008.

A third of UK companies surveyed said they did not have some kind of strategy for using encryption across the enterprise, representing a decline from 40 per cent in 2009.

In more positive news, over half of UK firms reported ramped up use of encryption, largely influenced by regulatory compliance.

Jamie Cowper, data protection specialist at Symantec, said some major security breaches had helped raise awareness among UK firms and convinced them of the need for greater protection.

In particular, the HM Revenue and Customs breach in 2007, when 25 million people's information was lost, was a significant moment, Cowper told IT PRO.

“It seems to have needed that seismic event,” he added.

“The UK is definitely ahead of a lot of EU countries as seeing data protection as an issue.”

Last month saw the Information Commissioner’s Office issue its first fines due to breaches at two different organisations.

In the case of employment services company A4e, an unencrypted laptop was stolen, leading to the loss of personal data on 24,000 people.

Cowper said he expected legislation to soon require more of companies than simple encryption.

“I think we’ll get to a point where data loss protection... will become a standard,” he added.

PCI compliance, meanwhile, was one of the major drivers behind companies encrypting data, the report showed.

Cowper praised PCI rules for being “very specific” when compared to other regulations, which simply made firms “go to best efforts.”

Email to a friend

Print this page