Tuesday 27 May 2014

The Information Security Breaches Survey 2014, commissioned by the Department for Business, Innovation and Skills and carried out by PwC, was announced by David Willetts at the Infosecurity Europe conference.

The survey reported that 81% of large organisations suffered a security breach over the last year, and whilst this is down from 86% a year ago - and organisations are experiencing fewer breaches overall - the severity and impact of attacks have increased, with the average cost of an organisation's worst breach rising significantly for the third consecutive year. For small organisations the worst breaches cost between £65,000 and £115,000 on average and for large organisations between £600,000 and £1.15 million.

A very important and relevant finding this year is that "70% of companies that have a poor understanding of security policy experienced staff related breaches, compared to only 41% in companies where security is well understood. This suggests that communicating the security risks to staff and investing in ongoing awareness training results in fewer breaches."

The full PwC report is available from: http://www.pwc.co.uk/audit-assurance/publications/2013-information-security-breaches-survey.jhtml, and provides a useful perspective for our University's Information Security activities and priorities.

eBay attack is ‘wake-up call to all of us’ - Information Commissioner

The Information Commissioner's Office blog makes very interesting reading regarding the recent eBay breach. Here is a quote: "This needs to be a wake-up call to all of us. It shows consumers the importance of having different, strong passwords for different online services. It’s a wake-up call to government that the 20-year-old data protection laws are showing their age. But most of all it’s a wake up to businesses. Cyber crime is real. Hacking is real."