Large organisations' security breaches blamed on poor policies

News by SC Staff

A lack of decent security on mobile devices and tablets has led to 82 per cent of large organisations reporting security breaches.

According to a survey of security professionals from 447 organisations, 47 per cent of large organisations have lost or leaked confidential information held on mobile devices, while only 39 per cent encrypt downloaded data.

The report by PwC, in conjunction with Infosecurity Europe and supported by the Department for Business, Innovation and Skills, found that 54 per cent of small businesses (and 38 per cent of large organisations) do not have a security-awareness programme.

Chris Potter, PwC information security partner, said: “With the explosion of new mobile devices and the blurring of lines between work and personal life, organisations are opening their systems up to massive risk. Smartphones and tablet computers are often lost or stolen, with any data on them exposed, while mobile devices can literally drill straight through your security defences, if you're not careful.

“However, organisations aren't responding to these new challenges. Just as we saw a decade ago with computer viruses, companies are slow to adjust their controls as technology usage changes. It's clear how important smartphones and tablets have become – as confidential data is increasingly stored on them, the chance of data breaches increases.”

Only 26 per cent of respondents with a security policy believed that their staff had "a very good understanding" of it, while 21 per cent said staff understanding was "poor".

Potter said: “Setting out your security is essential to ensure staff know what risks to look out for, how to handle data appropriately and what to do if a breach occurs. The root cause of security breaches by staff is often a failure by organisations to invest in educating staff about security risks. Yet organisations are failing to promote a culture of security awareness so staff are often unaware of the risks they're posing.

“Often, breaches occur through ignorance rather than malice. Possession of a security policy by itself does not prevent breaches; staff need to understand it and put it into practice. The survey results show a clear payback from security awareness programmes – education leads to greater understanding which in turn leads to fewer breaches. Unfortunately, the survey results also show that it often takes a serious incident before companies train their staff.”

