Out-Law News

Security breaches rise dramatically, despite spending surge, finds PwC


Companies are spending more on IT security than ever but are suffering from a rapidly escalating number of attacks and breaches, according to consulting firm PricewaterhouseCoopers (PwC).

A PwC study found that although companies were improving their security risk assessment procedures and spending more on IT security, they were suffering from record levels of security breaches, with the number of incidents double what it was two years ago.

"Organisations are getting better at understanding security risks in a changing business environment where a large majority of them are relying increasingly on external services hosted over the internet," said PwC's Chris Potter. "However, this focus is not translating into fewer breaches of security."

The study found that when using new technologies, companies are failing to protect themselves and their information. Most users of cloud computing, it found, do not check that sensitive data stored externally is encrypted.

The study found that 34% of companies are critically dependent on externally hosted software used over the internet, but that just 17% of companies which host highly confidential data with an external provider ensure that data is encrypted.

"Virtualisation and cloud computing seem to be set to follow the trend, established over the last decade, of controls lagging behind adoption of new technologies," said the report. "Given the increased criticality and confidentiality of information held on virtual storage organisations need to respond quickly to close this control gap."

The report said that the way businesses use technology is changing, and companies need to change the way they protect themselves.

"The business environment is changing rapidly. Social networks and software as a service have moved Internet use beyond websites and email, creating new vulnerabilities," it said. "Criminals are also adapting their techniques and cybercrime is becoming more common."

"More complex threats have emerged over the last two years. Technical controls are no longer, in isolation, enough to protect organisations," said the report. "A combination of people, technology and process is now required. To succeed in today’s environment, organisations need to think several moves ahead of the criminals. Staff and customers need to be more aware of security threats. Collaborative working practices offer real opportunities, but create a demand for assurance across the supply chain."

Businesses have realised that they must take action on security, the survey found. "Almost half the organisations we polled told us they had increased their expenditure on information security in the last year and roughly the same number said they expected to spend more on it next year," said PwC's Potter.

Compared to a PwC survey two years ago, attacks on companies of all sizes have increased, with large companies "bombarded" with activity. The survey found that 62% were infected with malicious software compared to 21% two years ago; 61% have detected a significant attempt to break into their network compared to 31% two years ago; and 25% have suffered a denial of service attack, up from 11%.

The survey found that 92% of large companies encountered some kind of security incident in the last year.

The fact that confidential data stored off-site is not encrypted could be a particular worry for firms. The survey found that while only 15% of security breaches overall were classed as very or extremely serious, 45% of confidential data breaches were serious.
