Infosec 08: Half of businesses hit by breaches
More than half of businesses have suffered data breaches in the last year, with the law now making encryption a necessity.

More than half of UK businesses have suffered at least one data breach during the last year, according to a survey released at Infosec 2008 in London.
According to an annual study by The Ponemon Institute and commissioned by PGP Corporation, 60 per cent of businesses suffered at least one data breach over the last 12 months. The results also showed 28 per cent of organisations had suffered two to five breaches.
Businesses were making more efforts to solve the problem with an increased uptake of data encryption. It showed that 15 per cent now had an encryption strategy applied consistently across the workplace, up from nine per cent in 2007.
This was partly due to the fact that there was a shift in the reasons businesses were using encryption. The use of encryption to comply with privacy and data security regulations had increased from 17 per cent in 2007 to 58 per cent in 2008.
"There was a real shift away from reputational damage being the driver for encryption to compliance and regulation," said Jamie Cowper, director of European marketing at PGP Corporation. "Perhaps that's showing that the market is getting more mature."
The trend showed that regulation was now more than ever driving business behaviour. Aspects like the computer misuse act, the data protection act and financial regulations.
"PCI compliance is a good example," said Alan Bentley, regional vice president in EMEA for Lumension Security, who recently partnered with PGP.
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
"It is centered around the fact that if you are processing credit card data, you have to conform around regulations that are outlined by credit card companies to cover themselves around insurance."
Bentley said that compliance was evolving. There was always law around the way businesses were operating and regulations governing it, but over the last ten years they started to realise that they couldn't function without IT.
"All records are stored electronically," said Bentley. "All of those laws and regulations are now encompassing electronic data transfer."
The report also showed that encryption across multiple applications was growing, with the consistent encryption of laptops, emails, file servers and backup tapes.
Tape backup encryption was the most common, with 13 per cent reporting use most of the time. Laptop encryption was used most of the time in 12 per cent of organisations, up from 10 per cent in 2007.
"The study reaffirms what we've been telling our customers for a long time - a strategic encryption strategy defends an organisation's data more effectively than assembling point encryption products," said Philip Dunkelberger, president and cheif executive of PGP.
"The results show that the most effective enterprises are seeking a platform approach to encryption," he added.
For more Infosec 2008 coverage, see IT PRO's roundup page here.
-
New chapter, same partners: Keeping the channel aligned with change
Industry Insights How to maintain strong channel partnerships amid evolving strategies and market change
-
Palo Alto Networks snaps up CyberArk in identity security push
News The acquisition marks the latest in a string for Palo Alto Networks
-
PyPI attack: Targeting of repository 'shows no sign of stopping'
News Greater collaboration and understanding of attackers’ tactics is key to mitigating open source security threats
-
Capita's handling of cyber attack shows companies still fail at breach reporting
Analysis Capita initially told customers there was “no evidence” of data having been compromised in the March cyber attack
-
Malware being pushed to businesses by search engines remains a pervasive threat
News High-profile malvertising campaigns in recent months have surged
-
There's only one way to avoid credential stuffing attacks
Opinion PayPal accounts were breached last year due to a credential stuffing attack, but can PayPal avoid taking responsibility?
-
Five things to consider before choosing an MFA solution
In-depth Because we all should move on from using “password” as a password
-
Cyber security suffers from a communication problem
News Negative language around ‘human failures’ is eroding trust between security teams and broader business functions - it has to stop
-
Does LastPass really deserve a last chance?
Opinion After several disastrous security incidents and a communications breakdown, it’s time to leave LastPass for pastures new
-
What is the spell-jacking vulnerability and how can your business avoid exposing data?
In-depth Spell-jacking vulnerabilities are threatening to unwittingly leak data to third parties, undermining any drive to protect privacy