The study also claims that the falling numbers could be an understatement of the true figures.
The Department for Business and Regulatory Reform (BERR) has published research into IT security in business which shows that the number of security incidents appears to be falling, but this is partly due to the fact that minor breaches such as viruses are no longer deemed to be security breaches demanding management time.
The survey of 1,000 UK businesses found that the average cost of a breach rose from £7,000 –14,000 to £10,000 – 20,000. It also suggests that many incidents go unreported or even undetected.
"Fewer companies had a security incident in the last year than two years ago. After the peak in 2004, the number of companies affected by security breaches has returned to the level seen in 2002," said the survey.
"While the good news is welcome, it is important to remember that these statistics under-estimate the actual experience," it said. "Attitudes and controls in some companies mean that incident statistics are probably understated. For example, companies that carry out risk assessment are four times as likely to detect identity theft as those that do not."
"There is some evidence that management is becoming desensitised to minor incidents in well-understood areas, such as systems failure and virus infection," said the survey. "Companies no longer regard these as security breaches, but as routine events swept up by business-as-usual controls without needing to be logged."
The Department for Business and Regulatory Reform (BERR) has published research into IT security in business which shows that the number of security incidents appears to be falling, but this is partly due to the fact that minor breaches such as viruses are no longer deemed to be security breaches demanding management time.
The survey of 1,000 UK businesses found that the average cost of a breach rose from £7,000 –14,000 to £10,000 – 20,000. It also suggests that many incidents go unreported or even undetected.
"Fewer companies had a security incident in the last year than two years ago. After the peak in 2004, the number of companies affected by security breaches has returned to the level seen in 2002," said the survey.
"While the good news is welcome, it is important to remember that these statistics under-estimate the actual experience," it said. "Attitudes and controls in some companies mean that incident statistics are probably understated. For example, companies that carry out risk assessment are four times as likely to detect identity theft as those that do not."
Have you read these related articles?
Newsletter:
