PwC research reveals one in seven suffered a hack attack with damage running into billions of pounds in 2011
The number of large organisations being hacked into is at a record high with the damage being measured in the billions of pounds every year, according to new research from Info Security 2012 and PwC.
The research revealed that one in seven large UK organisations had detected hackers within their systems over the last year, the highest figure PwC has recorded since the survey started in the early 90s.
In addition to this 70% of large organisations detected what PwC called "significant" attempts by hackers to break into their systems.
On average, each large organisation suffered 54 significant attacks by an unauthorised outsider, which is twice the level it was for the 2010 study, PwC said. 15% of the organisations involved in the research reported that their networks had been successfully penetrated by hackers.
The average cost of a large organisation’s worst security breach of the year was £110,000 to £250,000, and £15,000 to £30,000 for smaller businesses.
The survey also looked at generally data losses and found that the vast majority (93%) of large organisations had suffered some sort of data loss. This figure was 76% for smaller companies.
Despite these worrying figures it seems the message is not getting through to IT departments. According to the PwC research, 12% of businesses say senior management give a low priority to security, while 20% spend less than 1% of their IT budget on information security.
On average, however, organisations spend 8% of their IT budget on information security. This figure drops to 6.5% for businesses that had suffered a very serious breach.
"Organisations that suffered a very serious breach during the year spent slightly below the overall average on security. The key challenge is to evaluate and communicate the business benefits from investing in security controls. Otherwise, organisations end up paying more overall." said Chris Potter, PwC information security partner.
"Given that most organisations take a lot of action after a breach to tighten up their security, scrimping and saving on security creates a false economy. The cost of dealing with breaches and the knee-jerk responses afterwards usually outweigh the cost of prevention."
"The internet has opened up huge opportunities for businesses, and the UK is a world leader in doing business online. This survey showing the changing nature of the threats in cyberspace is a timely reminder for UK businesses to make sure their information systems are protected so they can take full advantage of the online world," added Universities and Science Minister David Willetts, whose responsibilities include cyber security issues.