The PwC Information Security Breaches Survey, commissioned by the British Government, has found that almost all companies suffered a data breach in 2014.
The report contains some other eye catching statistics, and to save you going through the entire report yourself, we've summarised the key findings:-
- 90 percent of large companies have suffered a data breach over the last year, compared to 81 percent the year before. Small medium enterprise (SMEs) were also at risk, with 74 percent reporting breaches compared to 60 percent in the 12 months before.
- The average breach cost for a large firm is now £1.46m - £3.14m, compared to £600,000 - £1.15m in last year's report. The average breach cost varied between £75,000 - £311,000 for SMEs, up from £65,000 - £115,000 in 2014.
- PwC conclude “people are the main vulnerabilities to a secure enterprise”, but interestingly noted that malware – the top threat last year – has now fallen behind insider threats and external attacks (38 percent), a sign perhaps that social engineering and phishing and now more favoured by cyber-criminals.
- Staff-related breaches affected three-quarters of large firms, and 31 percent of smaller firms, representing rises from 58 percent and 22 percent compared to a year ago.
- Half of the worst incidents were caused by "inadvertent human error", the study found, while deliberate misuse of systems by employees and contractors accounted for 18 percent of the most serious breaches.
- Companies are having a harder time finding breaches in their network. While 64 percent claimed to have identified incidents within a day a year ago, this had fallen this year to 46 percent. Eight percent took 100 days to identify an incident.