PWC Information Security Breaches Survey 2010
PWC Information Security Breaches Survey 2010
Jun 1, 2010
On Apr 28, PricewaterhouseCoopers released the Information Security Breaches Survey 2010, during the Infosecurity Europe conference in London. PWC has been performing the survey on information security practices and incidents in the UK every few years since the early 1990’s, typically on commission from the UK government. This year the survey was commissioned by the Infosecurity Europe event. Although the survey is based on data from UK companies, I think the trends observed can be generalized for multi-national businesses operating in other parts of the world as well. (In my own experience, British businesses tend to have more information security awareness than businesses in many other parts of the world.)
The 2010 survey’s executive summary offers dramatic comparisons to results from the 2008 survey:
•for small businesses, the number of security incidents doubled from 2008 to 2010. For large businesses, the number tripled.
•for small businesses, the average cost of a respondent’s worst incident of the year doubled from 2008 to 2010. For large businesses, the cost tripled.
Equally interesting were some new questions on the 2010 survey:
•46% of large respondents had staff lose of leak confidential data.
•68% of large respondents have been asked by their customers to demonstrate their compliance with security standards.
For internal risk assessments, it’s often difficult to quantify the cost of being compromised–essentially, the cost of not effectively protecting information assets. Studies such as the Information Security Breaches Survey provide hard data for management about the value of a well-implemented risk management and information security program. I encourage information security professionals to read the report and share it with their management.
—Jim Herbeck
NOUVEL Blogs > Management Awareness
©Copyright PricewaterhouseCoopers LLC