Security breaches hit highest ever level

Security breaches within organisations have reached their highest ever level, according to new research.

The annual security survey, presented by Pricewaterhouse Coopers LLP at InfoSecurity 2010, showed more breaches than in the survey's 10-year history, even topping the massive influx of worms back in 2004.

The report claimed 83 per cent of small businesses had suffered from breaches in the past year whilst both small and large organisations saw triple the amount of malware infecting their systems.

"You are seeing similar patterns in the rise of theft and fraud," said Chris Potter, information security assurance partner at Pricewaterhouse Coopers LLP.

"Unfortunately it is not just the number of organisations affected which has gone up. If you take large respondents those with more than 250 employees the median number of breaches... has gone up from 15 to 45 per year."

Potter also revealed the cost to the business per breach has risen by threefold, with the total for all businesses rising to an estimated 10 billion.

But is causing this huge rise? Andrew Beard, information security advisory director at Pricewaterhouse Coopers LLP, believes it is down to the speed in which technology is being embraced in 2010.

"Technology is evolving quite rapidly," he said. "Now you may look at this and think the likes of VoIP and wireless networks aren't new technologies [but] what is significant here is the rapid adoption of that technology, especially in small organisations where [the use of] wireless networks has doubled, VoIP has trebled and all companies, big and small, have improved their remote access."

He added: "Typically though we have seen in the past that rapid adoption of technology does not lead to rapid adoption of controls to make sure it is used in a safe way."

Beard also believes the use of third party external services, such as software as a service (SaaS), without thorough checks and the embracing of social networking has helped the rise.

However, despite positive signs in the report that knowledge around the areas was increasing and good investment was being put into information security, the future outlook was still "gloomy."

"Most [survey] respondents don't think it is going to get any better," concluded Potter.

"Security professionals tend to be pessimistic at the best of times... but on balance four times as many people think there will be more security incidents next year than think will be fewer."