Record level of hacking revealed in annual PwC security survey

One in seven large organisations have been hacked in the past year

One in seven large organisations admits that they have been hacked in the past year, with the average major organisation facing a significant attack every week. This is the highest level ever recorded since the survey started in the early 1990s, according to PwC, the consultancy that conducted the research.

Furthermore, 70 per cent of large organisations have detected significant attempts to break into their networks in the past year, which is another record high. Smaller businesses are being attacked once a month, although the reduced resources available to small organisations may mean that many attacks are going undetected.

These are just some of the conclusions of the 2012 Information Security Breaches Report, released this week, which surveyed 447 UK businesses.

A total of 93 per cent of large organisations and 76 per cent of small businesses reported that they were attacked in the past year. On average, each large organisation suffered 54 significant attacks by an unauthorised outsider, twice the level in 2010; while 15 per cent of large organisations had their networks successfully penetrated by hackers. The average cost of a large organisation's worst security breach of the year is estimated at between £110,000 and £250,000, and between £15,000 and £30,000 for a small business.

"The UK is under relentless cyber attack and hacking is a rising risk to businesses," said PwC information security partner Chris Potter. "The number of security breaches large organisations are experiencing has rocketed and, as a result, the cost to ‘UK plc' of security breaches is running into billions every year. Since most businesses now share data with their business partners across the supply chain, these numbers are startling and make uncomfortable reading for business leaders."

Amid the reports of regular and sustained hacking attacks across-the-board against corporate targets also comes a warning that fraudsters continue to adopt old-style "social engineering" techniques. The report claims that cases of customer impersonation have increased three-fold since 2008, with financial services one of the main targets.

However, despite the rising risks, one-fifth of organisations spend less than one per cent of their IT budget on information security.