Feeds

8 in 10 small UK firms hacked last year - at £65k a pop: Report

Poor security practices blamed, according to gov survey

Application security programs and practises

Infosec 2013 Over 80 per cent of small businesses in the UK suffered a computer security breach last year, according to new government research. And the proportion of large firms that reported attacks has reached a whopping 93 per cent.

The Department for Business, Innovation and Skills' 2013 hacking survey found that 87 per cent of small businesses across all sectors had experienced a breach in the last year. This is up more than 10 percentage points on the previous year's figures. The department is hoping its "Innovation Vouchers" incentive scheme will allow these businesses to protect their assets from the costly attacks.

The department's Technology Strategy Board is extending its Innovation Vouchers scheme to allow SMEs to bid for up to £5,000 from a £500,000 pot to improve their cyber security using external expertise. BIS is also publishing guidance to help small businesses give cybersecurity a higher profile in their businesses.

The average attack caused a Blighty SMB between £35,000 and £65,000 worth of damage - while large firms breaches set them back by an average of £450,000 to £850,000, although several individual breaches cost more than £1m.

Minister for Universities and Science David Willetts said: “Keeping electronic information safe and secure is vital to a business’s bottom line. Companies are more at risk than ever of having their cyber security compromised, in particular small businesses, and no sector is immune from attack. But there are simple steps that can be taken to prevent the majority of incidents.

“The package of support we are announcing today will help small businesses protect valuable assets like financial information, websites, equipment, software and intellectual property, driving growth and keeping UK businesses ahead in the global race.”

The survey, out Tuesday, also revealed that 93 per cent of large organisations (those which employ more than 250 workers) had reported breaches in the past year. The median number of breaches suffered was 113 for a large organisation (up from 71 a year ago) and 17 for a small business (up from 11 a year ago).

Both figures suggest that companies which report hacker attacks are doing so more often. Over three in four (78 per cent) large organisations that responded said they'd been attacked by an unauthorised outsider (up from 73 per cent a year ago) and 63 per cent of small businesses said the same (up from 41 per cent a year ago).

Twelve per cent of respondents said the worst security breaches were partly caused by senior management giving insufficient priority to security.

According to the survey, 36 per cent of the "worst security breaches" were caused by inadvertent human error.

Andrew Miller, PwC information security director, said: “Spending on cyber control as a percentage of an organisation’s IT budget is up this year from an average of 8 per cent to 10 per cent, but the number of breaches and their impact is also up as well so it is clear that there is work to be done in measuring the effectiveness of the security spend."

Mike Cherry, national policy chairman of the Federation of Small Businesses, welcomed the government's push to improve security at UK SMEs.

“Cybersecurity is an increasing risk for small and micro businesses and more and more, a barrier to growth. The FSB is very pleased to see the government announce a package of measures including specific guidance for small firms, helping them take steps towards more effective cybersecurity."

According to Government Communications Headquarters, four in five (80 per cent or more) of currently successful attacks can be prevented by simple best practice, such as ensuring staff do not open suspicious-looking emails or ensuring sensitive data is encrypted.

The 2013 Information Security Breaches Survey (ISBS) was funded by BIS and carried out by PwC in conjunction with the Infosecurity Europe trade show. ®

Mobile application security vulnerability report

More from The Register

next story
There's NOTHING on TV in Europe – American video DOMINATES
Even France's mega subsidies don't stop US content onslaught
Airbus promises Wi-Fi – yay – and 3D movies (meh) in new A330
If the person in front reclines their seat, this could get interesting
BBC goes offline in MASSIVE COCKUP: Stephen Fry partly muzzled
Auntie tight-lipped as major outage rolls on
UK Parliament rubber-stamps EMERGENCY data grab 'n' keep bill
Just 49 MPs oppose Drip's rushed timetable
Want to beat Verizon's slow Netflix? Get a VPN
Exec finds stream speed climbs when smuggled out
Samsung threatens to cut ties with supplier over child labour allegations
Vows to uphold 'zero tolerance' policy on underage workers
Dude, you're getting a Dell – with BITCOIN: IT giant slurps cryptocash
1. Buy PC with Bitcoin. 2. Mine more coins. 3. Goto step 1
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Mobile application security vulnerability report
The alarming realities regarding the sheer number of applications vulnerable to attack, and the most common and easily addressable vulnerability errors.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.