This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

The cost of a data breach has risen by almost 30 per cent

Share this article:

Data breaches cost UK companies £60 each last year.

 

According to a survey by the Ponemon Institute and PGP Corporation, the cost of a data breach was up 28 per cent on 2007 and the average total cost per incident had risen to £1.7 million in 2008.

 

The report found that 53 per cent of reported costs were due to lost business, suggesting that the UK public cares deeply about the loss or theft of their personal information.

 

Meanwhile, 70 per cent of all cases in this year's study involved insider negligence, emphasising that more needs to be done to educate staff on the importance of safeguarding information.

 

Jamie Cowper, director of marketing EMEA at PGP Corporation, said: “When it comes to notification and whether that should be mandatory like it is in the US, opinion is divided. Even the ICO is not strongly in favour but it can work well if there is balanced legislation, in the US 40 plus states will have 40 plus laws so the implementation is not great.

 

“The EU is talking about it, but for European-wide companies, if there was a different law for each state it may cause problems. If there is one requirement it can be a good thing but there has got to be the right level of safeguards.

 

“Seventy per cent of loss is due to people losing their laptops or a business process going wrong, so it is neither an external threat nor hacking, it is people doing their job without the right attention or process or doing something wrong. This means that 30 per cent is malicious attacks, it costs more to educate but if you give people the right tools they will do things better.”

 

Survey respondents identified encryption and identity and access management solutions as the top two technology responses following a data breach. This suggests that UK organisations understand that an enterprise data protection strategy that is supported and understood by all employees must be implemented to properly safeguard information.

 

Cowper said: “Companies will have a policy saying that they have great protection on their laptops but a combination of control strategy gives the difference in depth. You need enterprise data protection, assess what data is at risk and how you protect it. Encryption is a vital tool but how do you recover the data?”

 

Paul Zimski, vice president of security solutions at Lumension Security, said: “Of course, the ideal situation is to never have to disclose breaches in the first place by preventing them from happening.”

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

Microsoft warns on yet another zero-day security flaw

Microsoft warns on yet another zero-day security flaw

Microsoft has warned Windows users about a zero-day security issue with malicious PowerPoint documents being emailed to recipients. The software giant is working on a patch for the problem.

Google launches FIDO-compliant 2FA USB key for Chrome and Gmail

Google launches FIDO-compliant 2FA USB key for Chrome ...

Google has souped up its two-factor authentication (2FA) login process with the launch of Security Key, a physical USB that only works after verifying the login site is truly a ...

Evolving TorrentLocker ransomware generating big money

Evolving TorrentLocker ransomware generating big money

The TorrentLocker ransomware has returned with a vengeance and is starting to bring in big money for its operators.