70% of UK businesses unable to estimate the cost of a security breach of their information according to independent research by CipherCloud

LONDON, UK, Thursday 6th December, 2012

UK businesses are unable to count the cost of a security breach, according to new research commissioned by CipherCloud, the leader in cloud information protection. According to the survey of over 300 business decision makers in UK companies across key markets including financial services, healthcare and government, nearly 70 per cent of respondents were unable to estimate the cost of a security breach. This was despite admitting they had concerns about security risks when it comes to putting their information in the cloud.

Despite the frequent public announcements about information being breached by cloud threats, including malicious hackers, accidental leakage, and even insiders at cloud application providers, the percentage of senior business decision makers unable to estimate the cost was surprisingly high in relation to the adverse impact on their organisations.

When asked the estimated cost of a security breach of sensitive information at their organization – in terms of compliance fines, contractual breaches and reputation losses –business professionals responded:

  • Don’t know – 68 per cent
  • Over £300 – 2 per cent
  • Between £201 and £300 – 4 per cent
  • Between £101 and £200 – 6 per cent
  • Between £50 and £100 – 15 per cent
  • Between £50 and £100 – 5 per cent

However, when the same business professionals were asked what concerns they had regarding their organisations’ sensitive information being in the cloud, they indicated the following fears (in order of priority):

  • Security and risk of data breaches – 44 per cent
  • Loss of control over data – 33 per cent
  • Data residing under foreign jurisdiction control – 23 per cent
  • EU Data Protection Act – 17 per cent
  • Other regulatory compliance requirements – 10 per cent

With responsibility for security now residing with the company that owns the data, not the cloud provider or services company taking care of it, according to the Information Commissioner’s Office (ICO) recent guidelines on cloud computing, CipherCloud advises businesses to get to grips with relevant legislation and possible fines that are being levied at those found to be non-compliant.
“Our research reveals some interesting insights into the minds of senior business professionals, with a lack of understanding of the true cost of the breach of their sensitive information,” said Richard Olver, Regional Director of EMEA at CipherCloud.  “On the other hand, it’s clear that organisations are very concerned about the risk of their information being breached.”

CipherCloud, the leader in cloud information protection, commissioned the independent research among 300 business decision makers between 15/11/2012 and 23/11/2012 by Opinion Matters.  The survey was targeted at leading enterprise organisations in the UK.

Notes for editors:

Additional findings:

When it comes to data privacy, security, residency and compliance concerns, it is clear that these have impacted companies’ use of cloud applications.

  • On average, 22 per cent admitted that such concerns had slowed at least one or more project
  • 10 per cent said they had put a stop to all cloud application projects
  • 8 per cent said such concerns had stopped one or more cloud applications project.

When asked about the current use and future implementation of cloud-based applications:

  • Business tools, (sales, marketing, HR and procurement) are being used by 12 per cent with 15 per cent planning to migrate
  • Data storage and archiving is already being used by 16 per cent of respondents with a further 17 per cent looking to adopt a cloud-based approach in the next 1-12 months
  • Communications applications (e.g. email, contacts calendars) are being used by 14 per cent of businesses with a further 20 per cent adopting them over the same time period
  • Collaboration tools and shared document services (e.g. Dropbox, Box) are being used by 11 per cent with 20 per cent planning to migrate
  • Internal applications and portals (e.g. travel and finance) are being used by 9 per cent with 19 per cent migrating in the next 1-12 months

European legislation is expected to address cloud security in 2013/2014 as the EU Data Protection Reform is scheduled to move into legislation.  Recently published Information Commissioner’s Office (ICO) guidelines underline that companies remain responsible for personal data, even when passed to cloud network and services providers. Organisations failing to protect private data can be fined up to £500,000 per incident by the ICO.

The UK Government is tasked with moving 50 per cent of government’s ICT to the cloud by 2015.

Gartner estimates that by 2016, 25 per cent of all enterprises will use a cloud encryption gateway to secure one or more cloud services – up from less than one per cent today.

About the research company:

All research conducted by Opinion Matters adheres to MRS Codes of Conduct (2010) in the UK. Within these parameters there are guidelines that ensure all research is carried out in a professional and ethical manner. Furthermore, as members of ESOMAR and AIMRI, Opinion Matters abide by the ICC/ESOMAR International Code on Market and Social Research.

Opinion Matters is registered with the Information Commissioner’s Office and is fully compliant in accordance with the Data Protection Act. The company is also certified under Quality Assurance Scheme IS0 9001.

About CipherCloud
CipherCloud, a leader in cloud information protection, provides cloud encryption and tokenisation gateways to enable organisations to securely adopt cloud applications by eliminating concerns about data privacy, residency, security, and regulatory compliance.  CipherCloud’s groundbreaking gateway encrypts sensitive information in real-time, before it’s sent to the cloud, using operations-preserving encryption and tokenisation technology without impacting usability or application in any way.
The CipherCloud product portfolio supports popular cloud applications out-of-the-box such as Salesforce, Force.com, Chatter, Google Gmail, Microsoft® Office 365, and Amazon AWS.  Additionally, CipherCloud Connect AnyApp and Database Gateway enable organisations to extend data protection to hundreds of 3rd-party cloud and private cloud applications and databases.
Recognised by Gartner as a Cool Vendor in Cloud Security, CipherCloud is backed by premier venture capital firms including Andreessen Horowitz, Index Ventures, and T-Venture, the venture capital arm of Deutsche Telekom. For more information, visit www.ciphercloud.com and follow us on Twitter @ciphercloud.

For further information, please contact:

Paula Averley
Origin Communications
t. +44 (0)845 557 6736
m. +44 (0)7766 257776
e. paula@origincomms.com
w. www.origincomms.com