Infosec 2015: More UK businesses than ever face data breaches as costs spiral

The number of security breaches suffered by UK companies has increased, according to a government-backed report.

Unveiled at the Infosec conference in London this week, the 2015 Information Security Breaches Report found that nine-in-ten organisations have been hit by some kind of security breach over the past year - an increase from 81 per cent the previous year.

The research, conducted by PwC, found that 74 per cent of SMBs were also affected by a breach of some description. This was up from 60 per cent a year ago.

The cost to firms from the most serious breaches has also shot up and is now pegged at between 1.46 million and 3.14 million for a large organisation, up from 1.15 million a year ago. The cost to a small firm from a serious breach was found to be up to 311,000, up from 115,000 a year ago.

Breach costs include business disruption, lost sales and recovery of assets.

The report also found that the number of external attacks on large organisations in the UK had increased by over a third (38 per cent), while malware-related attacks had halved.

Research also revealed that 13 per cent of large organisations suffered a security breach relating to social networking sites and the percentage of large firms reporting an incident involving tablets and smartphones had doubled to 15 per cent from seven per cent the previous year.

Giles Smith, deputy director of Cyber Security and Resilience at the Department of Business, Innovation and Skills, speaking at the launch of the report said that the figures paint "sorry picture on the face of it", but this meant that organisations were getting "better at spotting problems".

He said that more organisations were using the government's "Ten Steps" guidance on how to protect infrastructure with a third of firms now using this information, up from a quarter last year.

Richard Horne, a cyber security partner at PwC speaking at the launch, said that the survey findings should make people "realise that it's about fixing the way technology is used and change the way they work rather than fixing the tech itself."

However, the problems could be much deeper. Horne said that a lot of organisations still don't publicly acknowledge when they've been a victim of a breach.

"What we see here is just the tip of the iceberg," he added.

Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.