Less than one-third of 'serious' security breaches made public

Security incidents routinely hushed up - even if sensitive data is leaked

Three-quarters of organisations that experienced information security breaches in 2013 did not disclose the breach to customers or the public, according to a new survey commissioned by the Department for Business, Innovation and Skills (BIS).

The report, produced by consultants PwC, surveyed UK organisations and found that four-fifths of the biggest - 81 per cent - admitted falling victim to a security breach. Sixty per cent of small businesses, meanwhile, also admitted that they had suffered a security breach in the past year.

While the numbers are down slightly on last year, the estimated costs have increased - almost doubling from about £600,000 in major organisations to £1.15m. Small businesses, meanwhile, saw a similar increase in costs, up from an average of £65,000 to £115,000.

Staff-related security breaches remain a problem, according to the survey, with 58 per cent of major organisations reporting breaches due to insider attacks - down from 73 per cent in the same survey last year - while one-fifth of small businesses, 22 per cent, also reported staff-related security breaches. This was down by half, according to the survey, on the 41 per cent reported last year.

Part of the reason for these declines in the number of attacks, believes PwC, is higher spending on security and more staff awareness training. In addition, more than half of organisations - 52 per cent - now have insurance to provide coverage in the event of a catastrophic security breach, with 35 per cent of smaller organisations also having insurance in place.

Sixty-nine per cent of organisations spend part of their computer security budgets on threat intelligence, indicating a proactive approach to computer security.