Security breaches and network intrusions from outside agents have rocketed in the past two years, according to the 2012 PwC/BIS Information security breaches survey.
This is a major shift in the IT security landscape, where insiders have historically posed the biggest threat. But since the survey was last conducted in 2010, UK plc has come under “a relentless cyber attack”, the study found.
The vast majority of respondents had some kind of security breach in the past year: 93% of large organisations and 76% of small businesses. Seventy per cent of large organisations taking part reported significant attempts to break into their networks, the highest level of intrusion recorded since the Big Four firm started the survey in the early 1990s.
On average, each large organisation suffered 54 significant attacks by an unauthorised outsider, twice the level in 2010, while 15% of large organisations had their networks successfully penetrated by hackers. Smaller companies typically experienced one attack a month.
PwC information security partner Chris Potter offered this explanation for the discrepancy: “Large organisations are more visible to attackers, which increases the likelihood of an attack on their IT systems. They also have more staff and more staff-related breaches, which may explain why small businesses report fewer breaches than larger ones. However, it is also true that small businesses tend to have less mature controls, and so may not detect the more sophisticated attacks.”