The official launch of the 2012 Information Security Breaches Survey took place at Infosecurity Europe yesterday. The results were revealed in full at the show following a keynote speech by Business, Innovation and Skills minister, David Willetts.

Willetts commented: "The internet has opened up huge opportunities for businesses, and the UK is a world leader in doing business online. This survey showing the changing nature of the threats in cyberspace is a timely reminder for UK businesses to make sure their information systems are protected so they can take full advantage of the online world. The survey demonstrates why the Government is right to be investing £650 million to improve cyber security and make the UK one of the safest places to do business in cyberspace. We will use the findings to help design a new annual survey of cyber security breaches beginning next year."

A key finding of the survey, written by PwC in conjunction with Infosecurity Europe and supported by the department for Business, Innovation and Skills, is that organisations large and small are failing to respond to the culture of employees using their own mobile devices for work. As such, they are opening up their systems to security risks.

Eighty two per cent of large organisations reported security breaches caused by staff, including 47 per cent who lost or leaked confidential information. Fifty four per cent of small businesses (38 per cent of large organisations) don’t have a security awareness programme. Some 75 per cent of large organisations (and 61 per cent of small businesses) allow staff to use smartphones and tablets to connect to their corporate systems and yet only 39 per cent (24 per cent of small businesses) apply data encryption on the devices.

“With the explosion of new mobile devices and the blurring of lines between work and personal life, organisations are opening their systems up to massive risk. Smartphones and tablet computers are often lost or stolen, with any data on them exposed. Mobile devices can literally drill straight through your security defences, if you’re not careful,” says Chris Potter, PwC information security partner.

He adds: “However, organisations aren’t responding to these new challenges. Just as we saw a decade ago with computer viruses, companies are slow to adjust their controls as technology usage changes. It’s vital to tell your staff about the risks. If you don’t, your own people could inadvertently become your worst security enemy. It’s clear how important smartphones and tablets have become - as confidential data is increasingly stored on them, the chance of data breaches increases.”

Share Story: