The average British business is now hit by a security incident every month, or once a week for larger companies, according to the U.K.’s Department of Trade and Industry’s (DTI) bi-annual security survey, published this week.
The survey of 1,000 companies, completed in January by a PricewaterhouseCoopers-led consortium, found that security problems are now an issue faced by the majority of U.K. businesses, with nearly all large companies affected. Businesses haven’t yet adjusted to this new reality, however, and suffer from inadequate security training and overconfidence in their security systems, the survey found.
The lack of adequate concern about security is reflected in spending, which is below the mark considered reasonable by industry observers. In a separate study also released this week, IDC found that security spending was roughly on par with expenditure on printers.
The majority of U.K. companies — 74 per cent — have had a security incident in the past year, rising to 94 per cent for large companies, the DTI survey found. That figure includes accidents such as system failures and data corruption; but malicious incidents are now far more common than accidents, with 68 per cent of all companies (91 per cent of large businesses) suffering at least one malicious attack in the past year. In 2002, only 44 per cent had been purposefully attacked, and in 2000 the figure was just 24 per cent.
“If you go back some years, accidental incidents far outweighed malicious incidents. Now more than twice as many companies had malicious incidents as accidental ones,” said Chris Potter, the PwC partner who led the survey.
Most malicious attacks were caused by viruses or inappropriate usage of IT systems by staff, with the average cost of an organization’s most serious incident about