/EINPresswire.com/ IT Governance, the global leaders in information security expertise, are warning organisations that they must think intelligently when spending their security budget. This means that companies need to balance their budget between technology, people and processes.
The 2013 ISBS technical report, published in April by accountancy firm PwC, revealed that 93% of large organisations and 87% of small organisations experienced a data breach in 2012. The cost associated with those breaches was £1 billion in the UK alone (a figure that has tripled since 2011), with an average cost per breach of £450k-£850k for large organisations and £35k-£65k for small ones.
Alan Calder, CEO of IT Governance and a cyber security authority, comments, “The findings from the PwC survey paint a gloomy picture, but they are not surprising. Worryingly, according to the report, security budgets may be increasing, but this doesn’t translate into effective security defences. To be blunt, if you are making wrong cyber security investments, then you are likely to suffer a data breach.
“Organisations tend to underestimate the role of non-technical staff awareness training on one side, and professional information security training on the other. Investing in technology alone will never be enough to protect your information assets.”
Calder advises that organisations should pay more attention to developing their employees’ information security skills as well as carrying out regular information security risk assessments.
Organisations implementing ISO 27001, the international information security standard, are more likely to avoid or survive a security breach through using an integrated approach to technology, people and processes. The standard provides guidelines on implementing an information security management system (ISMS).
More information on ISMS and ISO 27001 is available at www.itgovernance.co.uk/iso27001.aspx.
– Ends –
FOR FURTHER INFORMATION
Desi Aleksandrova, Marketing Executive
+44 (0) 845 070 1750
daleksandrova@itgovernance.co.uk
NOTES TO EDITORS
IT Governance Ltd is the single-source provider of books, tools, training and consultancy for IT governance, risk management and compliance. It is a leading authority on data security and IT governance for business and the public sector. IT Governance is ‘non-geek’, approaching IT issues from a non-technology background and talking to management in its own language. Its customer base spans Europe, the Americas, the Middle East and Asia. More information is available at www.itgovernance.co.uk.