Global information security breaches are on the increase and the cost of fixing them is rising, according to PwC’s latest Global State of Information Security Survey. And while China and Hong Kong companies score well for the safeguards they have in place, they still need to improve. The proliferation of mobile devices in the workplace, and the risks they bring, means that there is no room for complacency.
Globally, the number of security incidents detected has increased by 25% year-on-year. The number varies by industry – Financial Services has seen a 170% increase. Asia Pacific has now overtaken Europe on this measure, with over 2,500 incidents reported by companies in the region. The number of respondents who reported that they do not know how many incidents have occurred has also increased.
China and Hong Kong respondents to the survey have confidence in their ability to fend off attacks – two thirds consider themselves ahead of the pack in strategy and security practices, compared to an average of 50% globally. But detailed analysis of responses shows that only 23% qualify as leaders in this area. This is still better than the global average (17%), but then China and Hong Kong are under increased pressure from security incidents.
“As the Chinese economy grows and becomes more global, individual companies will come under closer scrutiny by those seeking to exploit weaknesses,” says Kenneth Wong, Risk Assurance Partner at PwC Hong Kong. “As businesses expand they will have to play catch-up with a growing number of threats. But they also need to strike a balance between security governance, processes and technology.”
Insiders – be they employees or vendors – are seen as a likely source of security breaches by all respondents (far more so than terrorists or foreign governments). But this view is most pronounced among Hong Kong and China companies – 41% see former employees as a likely source of incidents, compared to 27% worldwide. Competitors are also a much greater cause for concern in Hong Kong and China – 40% see them as a source of incidents, versus just 14% globally.
Whatever the source of security breaches, the cost of responding to these incidents is rising steeply – up by 18% globally and by 28% in Asia Pacific. The average loss for the year reported by Hong Kong/China companies in 2013 totals US$1.8 million.
A seperate study conducted by Vanson Bourne found that security breaches were the most costly events suffered by Asia Pacific respondents, who reported an average annual financial loss of $945,188 due to breaches, followed by $589,537 and $437,805 respectively for data loss and downtime.
“Corporate IT systems have become more complex, cloud technologies and mobile devices have made them more fragmented,” explains Wong. “Consequently, the costs associated with responding to an attack are going to rise. This makes it even more important that cybercrime and information security are seen as a top business concern for senior executives, rather than just an IT or technical issue.”
There are a wide range of processes that can help mitigate these risks. But over half the companies surveyed do not monitor or profile staff behaviour, even though former and current staff are seen as likely sources of risk.
“It’s easy to forget that incidents can arise when well-intentioned staff act in an insecure manner,” adds Wong. “A company’s problems can be as much human as technological.”