page contents

Information Security Statistics

Information security statistics & steps you can take to protect your business from a breach.

Information security is a global driver of major change, and businesses must take steps to protect themselves. Despite positive improvements, a worrying number of incidents still occur on a daily basis. In this article, we compile government-backed information security statistics to illustrate the importance of investing in your information security strategy

Information Security Statistics

  • The internet was accessed almost daily by 78% of adults in Great Britain in 2015, compared to 35% in 2006.¹
  • In 2015, 86% of households in Great Britain had access to the Internet, compared to 57% in 2006.¹
  • Sending or receiving emails was the most common Internet activity in 2015, with almost 80% of Internet users going online for this purpose.¹
  • Almost 60% of people surveyed used the Internet for online banking.¹
  • 17% of adults who used the Internet in the past 12 months caught a virus or other computer infection. 52% made backups of their data.¹
  • The consultancy and professional services sectors saw a greater proportion of information security breaches than any other sector surveyed.²
  • 90% of large organisations and 74% of small businesses suffered a security breach in 2015. The average cost to a small business was between £75k to £311k, up from £65k – £115k in 2014.²
  • 44% of organisations increased their information security spend from 2014-2015, with 46% of large and 7% of small organisations expecting to spend more over the next year.²
  • Virus or other malicious software infection is the most common cause of security breach, closely followed by incidents cause by staff.²

Factors That Frequently Contribute to Incidents Occurring:

  • Insufficient priority placed on information security by senior management.²
  • Inadvertent human error.²
  • Lack of staff awareness.²
  • Failure to follow a defined process.²

What are Businesses Doing to Prevent Further Breaches:

  • 39% stated they were not investing more in cyber security.²
  • 34% chose to invest in new technical controls.²
  • 26% invested in training for staff.²
  • 24% invested in managed security services.²

Prepare Your Business For Information Security Challenges

  1. Get the Basics Right

    Download software updates, use strong passwords, delete suspicious emails, use antivirus software and train your staff. Often, the most basic protections are the most important.

  2. Take a Risk Management Approach

    To protect your business from a breach, it’s important to understand the risks you face and what you can do to mitigate them. Start by outlining all areas of your network, your people, environment and your processes, then assign a risk level to each factor. Start with the highest risk item and create a list of actions to help mitigate that risk. Risk management should be an ongoing process that is continually updated and adjusted. The world never stands still, so why should you?

  3. Make Security a Priority

    If you want to prevent a breach, security has to be on the top of your agenda – it should never be an afterthought. Outline your main security objectives and start including security in all relevant decisions you make as a business. Any new systems or users should be subject to rigorous testing and/or implementation procedures to prevent new holes from forming before you realise. Thorough information security training should be high on your new employee training agenda, and an integral part of any annual staff training given by your business.

  4. Develop Information Security Policies

    Security policies will help you to define your approach, ensure you’re on track and provide a centralised framework that all your stakeholders can work from. A well-developed policy will account for all areas of your network and should offer detailed information about how different areas of your business should behave. Once you’ve got policies in place, make sure you enforce them stringently. This will prevent a culture of negligence from developing, which can often happen when no single person takes accountability for policy enforcement.

  5. Get the Support You Need

    If you lack the time or expertise required to protect your business, it’s time to outsource this function. We would highly recommend working with an information security firm who is experienced, skilled and able to provide for all aspects of security. It will be much easier to manage a single relationship & line of responsibility, rather than dealing with dozens of separate providers.

  6. Educate and Inform

    As outlined above, user error is a serious contributor to many information security breaches. Educate your staff and stakeholders about the importance of information security by sharing knowledge and raising awareness. Let them know what you’re doing to protect your business and explain why information security is so important to get right. It may be necessary to consider professional training if your users require a greater level of understanding or if you work in an industry like healthcare where security is of critical importance.

  7. Consider ISO 27001 Certification

    If you’re working in an industry where security is highly important, ISO 27001 certification can help you ensure all areas of your business are secure. The standard provides a framework of policies & procedures that will help you bring your business in line with global best practice. If certification isn’t for you, working with an ISO certified support provider may be the answer you’re looking for. See our awards & certifications.

  8. Lock Down Your Network

To prevent hackers entering your business, you need to close holes that may be present in your network. Treat your network as a physical building, and lock all doors and windows that could leave you open to attacks. Use complex passwords extensively and implement a reliable firewall. It’s also worth monitoring your network for any unauthorised traffic and/or users. Take a look at our 24/7 monitoring service for more information.

Concerned about Information Security?

The most worrying of these information security statistics is the 39% of businesses who did not increase their investment following an information security breach. Leaving information security to chance simply doesn’t cut it anymore. Your security spend should be seen as an investment in the future of your business, and as important as your CCTV system, alarm and physical security. Having successfully prevented breaches for businesses of all sizes, iQuda is well equipped to advise you on all aspects of digital security. We work in line with global best practice in this area such as ISO 27001, ITIL & NHS Information Governance and we are relied on by organisations throughout the UK. We offer a range of information security services such as IT security assessments, managed security and cyber security solutions. Alternatively, our advice and IT consulting solutions offer expert guidance across all areas of business IT & security. If your security needs are catered for in-house, we offer complementary support for your internal team. While your onsite and licensing needs may be taken care you, we can offer extra capacity for 24-hour support, networking monitoring or even short-term support for IT projects such as relocation.

Need Further Advice?

If you would like further information about these information security statistics or require support, please contact us on 01442 251 514 and we will be more than happy to advise you further.


¹ Internet Access – Households and Individuals – Office for National Statistics. 2017. Internet Access – Households and Individuals – Office for National Statistics. [ONLINE] Available at: [Accessed 28 March 2017]. ² 2017. Information security breaches survey 2015 – GOV.UK. [ONLINE] Available at: [Accessed 28 March 2017]. ³ 2017. Cyber security: advice for small businesses – GOV.UK. [ONLINE] Available at: [Accessed 28 March 2017].

Share This