Information security breaches: are you exposed?

The broadband revolution has allowed companies to use the Internet to reach their customers and enable their staff to be more mobile. According to the 2008 BERR Information Security Breaches Survey, 84% of businesses are heavily dependent on their IT systems.

However, opportunities bring risks. 96% of companies with over 500 staff experience at least one security incident a year, with some suffering thousands of incidents costing them in aggregate millions of pounds. Confidential information is at risk, especially in businesses with over 250 staff; 13% detected unauthorised outsiders within their network (compared with only 1% two years ago) and 6% suffered a confidentiality breach.

Many companies are not doing enough to protect themselves and their customers' information.

What happens if this issue remains unaddressed?

For many firms, the impact an incident has on their reputation may be more immediate than financial losses. However, the biggest single impact of security breaches continues to be business disruption. Other implications include the cost of staff time spent responding to an incident and financial losses through regulators' fines (including those from the FSA, which is clamping down on financial institutions).

How can we help solve this issue?

PwC has helped its clients to:

  • Understand the security threats they face including the value (legitimate and criminal) of data within their organisation;
  • Undertake a risk assessment to identify areas that are exposed and ensure future investment is targeted in the right areas;
  • Integrate security into normal business behaviour, through clear policy and staff education;
  • Deploy integrated technical controls and keep them up to date;
  • Respond quickly and effectively to breaches, e.g. planning ahead for contingencies;
  • Integrate their approach to governance, risk management and compliance; and
  • Test that security controls in place are effective.