There has been an increase in the number of both large and small organisations experiencing breaches according to the 2015 Information security breaches survey.
90% of large organisations reported that they had suffered a security breach, up from 81% in 2014. Small organisations recorded a similar picture, with nearly three-quarters reporting a security breach; this is an increase on the 2014 and 2013 figures.
59% of respondents expect there will be more security incidents in the next year than last.
The majority of UK businesses surveyed, regardless of size, expect that breaches will continue to increase in the next year. The survey found 59% of respondents expected to see more security incidents. Businesses need to ensure their defences keep pace with the threat.
The median number of breaches suffered in 2015 by large and small organisations has not moved significantly from 2014. 14 for large organisations and 4 for small businesses is the median number of breaches suffered in the last year.
Cost of breaches continue to soar
The average cost of the worst single breach suffered by organisations surveyed has gone up sharply for all sizes of business. For companies employing over 500 people, the ‘starting point’ for breach costs – which includes elements such as business disruption, lost sales, recovery of assets, and fines & compensation – now commences at £1.46 million, up from £600,000 the previous year.
The higher-end of the average range also more than doubles and is recorded as now costing £3.14 million (from £1.15 in 2014).
Small businesses do not fare much better – their lower end for security breach costs increase to £75,200 (from £65,000 in 2014) and the higher end has more than doubled this year to £310,800.
Organisations continue to suffer from external attacks
Whilst all sizes of organisations continue to experience external attack, there appears to have been a slow change in the character of these attacks amongst those surveyed. Large and small organisations appear to be subject to greater targeting by outsiders, with malicious software impacting nearly three-quarters of large organisations and three-fifths of small organisations.
There was a marked increase in small organisations suffering from malicious software, up 36% over last years’ figures.
69% of large organisations and 38% of small businesses were attacked by an unauthorised outsider in the last year, up from 55% a year ago and slightly up from 33% a year ago for SMEs.
Better news for business is that ‘Denial of service’ type attacks have dropped across the board, continuing the trend since 2013 and giving further evidence that outsiders are using more sophisticated methods to affect organisations.
You can find the research at: 2015 Information security breaches survey .