Feeds

8 in 10 small UK firms hacked last year - at £65k a pop: Report

Poor security practices blamed, according to gov survey

Choosing a cloud hosting partner with confidence

Infosec 2013 Over 80 per cent of small businesses in the UK suffered a computer security breach last year, according to new government research. And the proportion of large firms that reported attacks has reached a whopping 93 per cent.

The Department for Business, Innovation and Skills' 2013 hacking survey found that 87 per cent of small businesses across all sectors had experienced a breach in the last year. This is up more than 10 percentage points on the previous year's figures. The department is hoping its "Innovation Vouchers" incentive scheme will allow these businesses to protect their assets from the costly attacks.

The department's Technology Strategy Board is extending its Innovation Vouchers scheme to allow SMEs to bid for up to £5,000 from a £500,000 pot to improve their cyber security using external expertise. BIS is also publishing guidance to help small businesses give cybersecurity a higher profile in their businesses.

The average attack caused a Blighty SMB between £35,000 and £65,000 worth of damage - while large firms breaches set them back by an average of £450,000 to £850,000, although several individual breaches cost more than £1m.

Minister for Universities and Science David Willetts said: “Keeping electronic information safe and secure is vital to a business’s bottom line. Companies are more at risk than ever of having their cyber security compromised, in particular small businesses, and no sector is immune from attack. But there are simple steps that can be taken to prevent the majority of incidents.

“The package of support we are announcing today will help small businesses protect valuable assets like financial information, websites, equipment, software and intellectual property, driving growth and keeping UK businesses ahead in the global race.”

The survey, out Tuesday, also revealed that 93 per cent of large organisations (those which employ more than 250 workers) had reported breaches in the past year. The median number of breaches suffered was 113 for a large organisation (up from 71 a year ago) and 17 for a small business (up from 11 a year ago).

Both figures suggest that companies which report hacker attacks are doing so more often. Over three in four (78 per cent) large organisations that responded said they'd been attacked by an unauthorised outsider (up from 73 per cent a year ago) and 63 per cent of small businesses said the same (up from 41 per cent a year ago).

Twelve per cent of respondents said the worst security breaches were partly caused by senior management giving insufficient priority to security.

According to the survey, 36 per cent of the "worst security breaches" were caused by inadvertent human error.

Andrew Miller, PwC information security director, said: “Spending on cyber control as a percentage of an organisation’s IT budget is up this year from an average of 8 per cent to 10 per cent, but the number of breaches and their impact is also up as well so it is clear that there is work to be done in measuring the effectiveness of the security spend."

Mike Cherry, national policy chairman of the Federation of Small Businesses, welcomed the government's push to improve security at UK SMEs.

“Cybersecurity is an increasing risk for small and micro businesses and more and more, a barrier to growth. The FSB is very pleased to see the government announce a package of measures including specific guidance for small firms, helping them take steps towards more effective cybersecurity."

According to Government Communications Headquarters, four in five (80 per cent or more) of currently successful attacks can be prevented by simple best practice, such as ensuring staff do not open suspicious-looking emails or ensuring sensitive data is encrypted.

The 2013 Information Security Breaches Survey (ISBS) was funded by BIS and carried out by PwC in conjunction with the Infosecurity Europe trade show. ®

Intelligent flash storage arrays

More from The Register

next story
Bladerunner sequel might actually be good. Harrison Ford is in it
Go ahead, you're all clear, kid... Sorry, wrong film
Musicians sue UK.gov over 'zero pay' copyright fix
Everyone else in Europe compensates us - why can't you?
I'll be back (and forward): Hollywood's time travel tribulations
Quick, call the Time Cops to sort out this paradox!
Megaupload overlord Kim Dotcom: The US HAS RADICALISED ME!
Now my lawyers have bailed 'cos I'm 'OFFICIALLY' BROKE
Euro Parliament VOTES to BREAK UP GOOGLE. Er, OK then
It CANNA do it, captain.They DON'T have the POWER!
Forget Hillary, HP's ex CARLY FIORINA 'wants to be next US Prez'
Former CEO has political ambitions again, according to Washington DC sources
prev story

Whitepapers

Seattle children’s accelerates Citrix login times by 500% with cross-tier insight
Seattle Children’s is a leading research hospital with a large and growing Citrix XenDesktop deployment. See how they used ExtraHop to accelerate launch times.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Business security measures using SSL
Examines the major types of threats to information security that businesses face today and the techniques for mitigating those threats.