Cyber security and how well organisations and countries are tackling it came to the fore this week with the updating of data to support a UK survey and the release of the European Union Agency for Network and Information Security’s (ENISA) Annual Report.
The cost to UK companies of cyber attacks is almost double what it was last year while 70 per cent of organisations keep their worst security incident under wraps. These were two of the findings in the Information Security Breaches Survey 2014, conducted by the Department for Business Innovation and Skills, that was released in April but updated this month.
The study found that while the number and frequency of attacks had slightly decreased year on year, the cost had greatly increased to such an extent that some companies were forced to change the nature of their business.
The average cost to a large organisation of its worst security breach in 2014 was £600k -£1.15m, up from £450k-£850k in 2013.
Type of threats
The survey also reveals that organisations of all sizes continue to receive external cyber security threats. Twenty-four per cent of large companies detected that outsiders had penetrated their network (compared to 20 per cent in 2013) while 73 per cent suffered from infection by viruses or malicious software (up from 59 per cent a year ago).
Among the 1,125 companies that participated in the study, of which 2 per cent were utilities, overall investment in security as part of total IT budget is increasing across all sectors with energy companies spending the same as educational and financial services entities.
ENISA’s role in cyber security
Meanwhile, ENISA’s released its annual report documenting its progress towards improving cyber security across the European Union.