Earlier this week I attended InfoSec for the first time with much anticipation; and it lived up to the hype. A smorgasbord of everything information security. So much so that I was in danger of needing some indigestion tablets as I helped myself to an APT workshop here; a Guard presentation there; not to mention the bull run of the exhibitor stands with the big boys offering their marketing giveaways.
That said, perhaps the main course for the day was the launch of the 2014 Information Security Breaches survey that included over one thousand responses from across the UK. David Willetts, Minister for Universities and Science, introduced, or to be more precise, re-introduced the session after a late arrival (must have been affected by the Tube strike!), before the PwC contingent who had carried out the survey delved into more detail.
The most attention-grabbing headline from it was that although the number of breaches had dipped slightly since the previous year, the average cost of those breaches had almost doubled. For large organisations the average cost of their worst security breach of the year rose to between £600k and £1.15m, up from £450k–£850k the year before.
The increased costs to an organisation that suffers a breach can be seen in the cost-benefits analysis of large businesses as they assess their needs. Products and solutions that until recently were seen as the preserve of the Defence & Intelligence sectors are now looking more attractive to a wider range of businesses.
At Nexor we are seeing increasing interest from the Critical National Infrastructure and Government departments in particular, as they look for solutions that ensure that their security concerns don’t prevent them from carrying out their business processes. The table below shows that significant percentages of large organisations had suffered from various types of external attacks in the last year.
Another eye-opening stat was that 52% of large organisations have insurance that would cover them in the event of a breach. As my colleague Colin Robbins blogged about recently, this isn’t necessarily a good thing – a case of taking insurance rather than addressing the problem perhaps?
The full report, which includes a two page executive summary, can be downloaded from the Department for Business, Innovation & Skills website.
All in all, InfoSec was a good experience for my first time and I’m sure I’ll be returning in 13 months’ time. Yep, that is 13 rather than 12, as in 2015 the event is moving from Earls Court down the road to Olympia with a slightly later date in the calendar of 2nd – 4th June 2015. See you there…