Infosec 08: Half of businesses hit by breaches

More than half of UK businesses have suffered at least one data breach during the last year, according to a survey released at Infosec 2008 in London.

According to an annual study conducted by The Ponemon Institute and commissioned by PGP Corporation, 60 per cent of businesses suffered at least one data breach over the last 12 months. The results also showed 28 per cent of organisations had suffered two to five breaches.

Businesses were making more effort to solve the problem, with an increased uptake of data encryption. The study showed that 15 per cent now had an encryption strategy applied consistently across the workplace, up from nine per cent in 2007.

This was partly due to a shift in the reasons businesses were using encryption. The use of encryption to comply with privacy and data security regulations had increased from 17 per cent in 2007 to 58 per cent in 2008.

"There was a real shift away from reputational damage being the driver for encryption to compliance and regulation," said Jamie Cowper, director of European marketing at PGP Corporation. "Perhaps that's showing that the market is getting more mature."

The trend showed that regulation was now more than ever driving business behaviour, including the Computer Misuse Act, the Data Protection Act and financial regulations.

"PCI compliance is a good example," said Alan Bentley, regional vice president in EMEA for Lumension Security, who recently partnered with PGP.

"It is centered around the fact that if you are processing credit card data, you have to conform around regulations that are outlined by credit card companies to cover themselves around insurance."

Bentley said that compliance was evolving. There was always law around the way businesses were operating and regulations governing it, but over the last ten years businesses had started to realise that they couldn't function without IT.

"All records are stored electronically," said Bentley. "All of those laws and regulations are now encompassing electronic data transfer."

The report also showed that encryption across multiple applications was growing, with the consistent encryption of laptops, emails, file servers and backup tapes.

Tape backup encryption was the most common, with 13 per cent reporting use most of the time. Laptop encryption was used most of the time in 12 per cent of organisations, up from 10 per cent in 2007.

"The study reaffirms what we've been telling our customers for a long time - a strategic encryption strategy defends an organisation's data more effectively than assembling point encryption products," said Philip Dunkelberger, president and chief executive of PGP.

"The results show that the most effective enterprises are seeking a platform approach to encryption," he added.
