IT Governance, the global leaders in information security expertise, are warning organisations that they must think intelligently when spending their security budget. This means that companies need to balance their budget between technology, people and processes.
The 2013 ISBS technical report, published in April by accountancy firm PwC, has revealed that 93% of large organisations and 87% of small organisations experienced a data breach in 2012. The cost associated with those breaches was £1 billion in the UK alone (that figure has tripled since 2011), with an average cost per breach of £450k-£850k for large organisations and £35k-£65k for small ones.
Alan Calder, CEO of IT Governance and a cyber security authority, comments: “The findings from the PwC survey paint a gloomy picture, but they are not surprising. Worryingly, according to the report, security budgets may be increasing, but this doesn’t translate into effective security defences. To be blunt, if you are making wrong cyber security investments, then you are likely to suffer a data breach.
“Organisations tend to underestimate the role of non-technical staff awareness training on one side, and professional information security training on the other. Investing in technology alone will never be enough to protect your information assets.”
Calder advises that organisations should pay more attention to developing their employees’ information security skills as well as carrying out regular information security risk assessments.
Organisations implementing ISO 27001, the international information security standard, are better placed to avoid or survive a security breach because the standard requires an integrated approach to technology, people and processes. It specifies the requirements for an information security management system (ISMS), including regular risk assessment and the selection of controls covering staff awareness and training as well as technical measures.